rfc9153.original   rfc9153.txt 
DRIP S. Card, Ed. Internet Engineering Task Force (IETF) S. Card, Ed.
Internet-Draft A. Wiethuechter Request for Comments: 9153 A. Wiethuechter
Intended status: Informational AX Enterprize Category: Informational AX Enterprize
Expires: 12 March 2022 R. Moskowitz ISSN: 2070-1721 R. Moskowitz
HTT Consulting HTT Consulting
A. Gurtov A. Gurtov
Linköping University Linköping University
8 September 2021 February 2022
Drone Remote Identification Protocol (DRIP) Requirements Drone Remote Identification Protocol (DRIP) Requirements and Terminology
draft-ietf-drip-reqs-18
Abstract Abstract
This document defines terminology and requirements for Drone Remote This document defines terminology and requirements for solutions
Identification Protocol (DRIP) Working Group solutions to support produced by the Drone Remote Identification Protocol (DRIP) Working
Unmanned Aircraft System Remote Identification and tracking (UAS RID) Group. These solutions will support Unmanned Aircraft System Remote
for security, safety, and other purposes (e.g., initiation of Identification and tracking (UAS RID) for security, safety, and other
identity based network sessions supporting UAS applications). DRIP purposes (e.g., initiation of identity-based network sessions
will facilitate use of existing Internet resources to support RID and supporting UAS applications). DRIP will facilitate use of existing
to enable enhanced related services, and will enable online and Internet resources to support RID and to enable enhanced related
offline verification that RID information is trustworthy. services, and it will enable online and offline verification that RID
information is trustworthy.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This document is not an Internet Standards Track specification; it is
provisions of BCP 78 and BCP 79. published for informational purposes.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are candidates for any level of Internet
Standard; see Section 2 of RFC 7841.
This Internet-Draft will expire on 12 March 2022. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9153.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. Code Components carefully, as they describe your rights and restrictions with respect
extracted from this document must include Simplified BSD License text to this document. Code Components extracted from this document must
as described in Section 4.e of the Trust Legal Provisions and are include Revised BSD License text as described in Section 4.e of the
provided without warranty as described in the Simplified BSD License. Trust Legal Provisions and are provided without warranty as described
in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction
1.1. Motivation and External Influences . . . . . . . . . . . 3 1.1. Motivation and External Influences
1.2. Concerns and Constraints . . . . . . . . . . . . . . . . 8 1.2. Concerns and Constraints
1.3. DRIP Scope . . . . . . . . . . . . . . . . . . . . . . . 10 1.3. DRIP Scope
1.4. Document Scope . . . . . . . . . . . . . . . . . . . . . 11 1.4. Document Scope
2. Terms and Definitions . . . . . . . . . . . . . . . . . . . . 11 2. Terms and Definitions
2.1. Requirements Terminology . . . . . . . . . . . . . . . . 11 2.1. Requirements Terminology
2.2. Definitions . . . . . . . . . . . . . . . . . . . . . . . 11 2.2. Definitions
3. UAS RID Problem Space . . . . . . . . . . . . . . . . . . . . 20 3. UAS RID Problem Space
3.1. Network RID . . . . . . . . . . . . . . . . . . . . . . . 22 3.1. Network RID
3.2. Broadcast RID . . . . . . . . . . . . . . . . . . . . . . 25 3.2. Broadcast RID
3.3. USS in UTM and RID . . . . . . . . . . . . . . . . . . . 29 3.3. USS in UTM and RID
3.4. DRIP Focus . . . . . . . . . . . . . . . . . . . . . . . 29 3.4. DRIP Focus
4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 31 4. Requirements
4.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 31 4.1. General
4.1.1. Normative Requirements . . . . . . . . . . . . . . . 31 4.1.1. Normative Requirements
4.1.2. Rationale . . . . . . . . . . . . . . . . . . . . . . 32 4.1.2. Rationale
4.2. Identifier . . . . . . . . . . . . . . . . . . . . . . . 34 4.2. Identifier
4.2.1. Normative Requirements . . . . . . . . . . . . . . . 34 4.2.1. Normative Requirements
4.2.2. Rationale . . . . . . . . . . . . . . . . . . . . . . 35 4.2.2. Rationale
4.3. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 36 4.3. Privacy
4.3.1. Normative Requirements . . . . . . . . . . . . . . . 36 4.3.1. Normative Requirements
4.3.2. Rationale . . . . . . . . . . . . . . . . . . . . . . 37 4.3.2. Rationale
4.4. Registries . . . . . . . . . . . . . . . . . . . . . . . 37 4.4. Registries
4.4.1. Normative Requirements . . . . . . . . . . . . . . . 38 4.4.1. Normative Requirements
4.4.2. Rationale . . . . . . . . . . . . . . . . . . . . . . 38 4.4.2. Rationale
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 39 5. IANA Considerations
6. Security Considerations . . . . . . . . . . . . . . . . . . . 39 6. Security Considerations
7. Privacy and Transparency Considerations . . . . . . . . . . . 40 7. Privacy and Transparency Considerations
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 41 8. References
8.1. Normative References . . . . . . . . . . . . . . . . . . 41 8.1. Normative References
8.2. Informative References . . . . . . . . . . . . . . . . . 42 8.2. Informative References
Appendix A. Discussion and Limitations . . . . . . . . . . . . . 46 Appendix A. Discussion and Limitations
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 47 Acknowledgments
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 48 Authors' Addresses
1. Introduction 1. Introduction
For any unfamiliar or _a priori_ ambiguous terminology herein, see This document defines terminology and requirements for solutions
produced by the Drone Remote Identification Protocol (DRIP) Working
Group. These solutions will support Unmanned Aircraft System Remote
Identification and tracking (UAS RID) for security, safety, and other
purposes (e.g., initiation of identity-based network sessions
supporting UAS applications). DRIP will facilitate use of existing
Internet resources to support RID and to enable enhanced related
services, and it will enable online and offline verification that RID
information is trustworthy.
For any unfamiliar or a priori ambiguous terminology herein, see
Section 2. Section 2.
1.1. Motivation and External Influences 1.1. Motivation and External Influences
Many considerations (especially safety and security) necessitate Many considerations (especially safety and security) necessitate
Unmanned Aircraft Systems (UAS) Remote Identification and tracking Unmanned Aircraft System Remote Identification and tracking (UAS
(RID). RID).
Unmanned Aircraft (UA) may be fixed wing, rotary wing (e.g., Unmanned Aircraft (UA) may be fixed-wing, rotary-wing (e.g.,
helicopter), hybrid, balloon, rocket, etc. Small fixed wing UA helicopter), hybrid, balloon, rocket, etc. Small fixed-wing UA
typically have Short Take-Off and Landing (STOL) capability; rotary typically have Short Take-Off and Landing (STOL) capability; rotary-
wing and hybrid UA typically have Vertical Take-Off and Landing wing and hybrid UA typically have Vertical Take-Off and Landing
(VTOL) capability. UA may be single- or multi-engine. The most (VTOL) capability. UA may be single- or multi-engine. The most
common today are multicopters: rotary wing, multi engine. The common today are multicopters (rotary-wing, multi-engine). The
explosion in UAS was enabled by hobbyist development, for explosion in UAS was enabled by hobbyist development of advanced
multicopters, of advanced flight stability algorithms, enabling even flight stability algorithms for multicopters that enabled even
inexperienced pilots to take off, fly to a location of interest, inexperienced pilots to take off, fly to a location of interest,
hover, and return to the take-off location or land at a distance. hover, and return to the takeoff location or land at a distance. UAS
UAS can be remotely piloted by a human (e.g., with a joystick) or can be remotely piloted by a human (e.g., with a joystick) or
programmed to proceed from Global Navigation Satellite System (GNSS) programmed to proceed from Global Navigation Satellite System (GNSS)
waypoint to waypoint in a weak form of autonomy; stronger autonomy is waypoint to waypoint in a weak form of autonomy; stronger autonomy is
coming. coming.
Small UA are "low observable" as they: Small UA are "low observable" as they:
* typically have small radar cross sections; * typically have small radar cross sections;
* make noise quite noticeable at short ranges but difficult to * make noise that is quite noticeable at short ranges but difficult
detect at distances they can quickly close (500 meters in under 13 to detect at distances they can quickly close (500 meters in under
seconds by the fastest consumer mass market drones available in 13 seconds by the fastest consumer mass-market drones available in
early 2021); early 2021);
* typically fly at low altitudes (e.g., for those to which RID * typically fly at low altitudes (e.g., under 400 feet Above Ground
applies in the US, under 400 feet Above Ground Level (AGL) as per Level (AGL) for UA to which RID applies in the US, as per
[Part107]); [Part107]); and
* are highly maneuverable so can fly under trees and between * are highly maneuverable and thus can fly under trees and between
buildings. buildings.
UA can carry payloads including sensors, cyber and kinetic weapons, UA can carry payloads (including sensors, cyber weapons, and kinetic
or can be used themselves as weapons by flying them into targets. weapons) or can be used themselves as weapons by flying them into
They can be flown by clueless, careless, or criminal operators. Thus targets. They can be flown by clueless, careless, or criminal
the most basic function of UAS RID is "Identification Friend or Foe" operators. Thus, the most basic function of UAS RID is
(IFF) to mitigate the significant threat they present. "Identification Friend or Foe (IFF)" to mitigate the significant
threat they present.
Diverse other applications can be enabled or facilitated by RID. Diverse other applications can be enabled or facilitated by RID.
Internet protocols typically start out with at least one entity Internet protocols typically start out with at least one entity
already knowing an identifier or locator of another; but an entity already knowing an identifier or locator of another; but an entity
(e.g., UAS or Observer device) encountering an _a priori_ unknown UA (e.g., UAS or Observer device) encountering an a priori unknown UA in
in physical space has no identifier or logical space locator for that physical space has no identifier or logical space locator for that
UA, unless and until one is provided somehow. RID provides an UA, unless and until one is provided somehow. RID provides an
identifier, which, if well chosen, can facilitate use of a variety of identifier, which, if well chosen, can facilitate use of a variety of
Internet family protocols and services to support arbitrary Internet family protocols and services to support arbitrary
applications, beyond the basic security functions of RID. For most applications beyond the basic security functions of RID. For most of
of these, some type of identifier is essential, e.g., Network Access these, some type of identifier is essential, e.g., Network Access
Identifier (NAI), Digital Object Identifier (DOI), Uniform Resource Identifier (NAI), Digital Object Identifier (DOI), Uniform Resource
Identifier (URI), domain name, or public key. DRIP motivations Identifier (URI), domain name, or public key. DRIP motivations
include both the basic security and the broader application support include both the basic security and the broader application support
functions of RID. The general scenario is illustrated in Figure 1. functions of RID. The general scenario is illustrated in Figure 1.
+-----+ +-----+ +-----+ +-----+
| UA1 | | UA2 | | UA1 | | UA2 |
+-----+ +-----+ +-----+ +-----+
+----------+ +----------+ +----------+ +----------+
skipping to change at page 4, line 46 skipping to change at line 194
************* *************
| | | | | |
+----------+ | | | +----------+ +----------+ | | | +----------+
| Public o---/ | \---o Private | | Public o---/ | \---o Private |
| Registry | | | Registry | | Registry | | | Registry |
+----------+ | +----------+ +----------+ | +----------+
+--o--+ +--o--+
| DNS | | DNS |
+-----+ +-----+
Figure 1: "General UAS RID Usage Scenario" Figure 1: General UAS RID Usage Scenario
Figure 1 illustrates a typical case where there may be: multiple Figure 1 illustrates a typical case where there may be the following:
Observers, some of them members of the general public, others
government officers with public safety/security responsibilities; * multiple Observers, some of them members of the general public and
multiple UA in flight within observation range, each with its own others government officers with public safety and security
pilot/operator; at least one registry each for lookup of public and responsibilities,
(by authorized parties only) private information regarding the UAS
and their pilots/operators; and in the DRIP vision, DNS resolving * multiple UA in flight within observation range, each with its own
various identifiers and locators of the entities involved. pilot/operator,
* at least one registry each for lookup of public and (by authorized
parties only) private information regarding the UAS and their
pilots/operators, and
* in the DRIP vision, DNS resolving various identifiers and locators
of the entities involved.
Note the absence of any links to/from the UA in the figure; this is Note the absence of any links to/from the UA in the figure; this is
because UAS RID and other connectivity involving the UA varies. Some because UAS RID and other connectivity involving the UA varies. Some
connectivity paths do or do not exist depending upon the scenario. connectivity paths do or do not exist depending upon the scenario.
Command and Control (C2) from the GCS to the UA via the Internet Command and Control (C2) from the Ground Control Station (GCS) to the
(e.g., using LTE cellular) is expected to become much more common as UA via the Internet (e.g., using LTE cellular) is expected to become
Beyond Visual Line Of Sight (BVLOS) operations increase; in such a much more common as Beyond Visual Line Of Sight (BVLOS) operations
case, there is typically not also a direct wireless link between the increase; in such a case, there is typically not also a direct
GCS and UA. Conversely, if C2 is running over a direct wireless wireless link between the GCS and UA. Conversely, if C2 is running
link, then typically the GCS has but the UA lacks Internet over a direct wireless link, then the GCS typically has Internet
connectivity. Further, paths that nominally exist, such as between connectivity, but the UA does not. Further, paths that nominally
an Observer device and the Internet, may be severely intermittent. exist, such as between an Observer device and the Internet, may be
These connectivity constraints are likely to have an impact, e.g., on severely intermittent. These connectivity constraints are likely to
how reliably DRIP requirements can be satisfied. have an impact, e.g., on how reliably DRIP requirements can be
satisfied.
An Observer of UA may need to classify them, as illustrated An Observer of UA may need to classify them, as illustrated
notionally in Figure 2, for basic airspace Situational Awareness notionally in Figure 2, for basic airspace Situational Awareness
(SA). An Observer who classifies a UAS: as Taskable, can ask it to (SA). An Observer can classify a UAS as one of the following and
do something useful; as Low Concern, can reasonably assume it is not treat as:
malicious and would cooperate with requests to modify its flight
plans for safety concerns that arise; as High Concern or * Taskable: can ask it to do something useful.
Unidentified, can focus surveillance on it.
* Low Concern: can reasonably assume it is not malicious and would
cooperate with requests to modify its flight plans for safety
concerns that arise.
* High Concern or Unidentified: can focus surveillance on it.
xxxxxxx xxxxxxx
x x No +--------------+ x x No +--------------+
x ID? x+---->| Unidentified | x ID? x+---->| Unidentified |
x x +--------------+ x x +--------------+
xxxxxxx xxxxxxx
+ +
| Yes | Yes
v v
xxxxxxx xxxxxxx
x x x x
.---------+x Type? x+----------. .---------+x Type? x+----------.
| x x | | x x |
| xxxxxxx | | xxxxxxx |
| + | | + |
v v v v v v
+--------------+ +--------------+ +--------------+ +--------------+ +--------------+ +--------------+
| Taskable | | Low Concern | | High Concern | | Taskable | | Low Concern | | High Concern |
+--------------+ +--------------+ +--------------+ +--------------+ +--------------+ +--------------+
Figure 2: "Notional UAS Classification" Figure 2: Notional UAS Classification
ASTM International, Technical Committee F38 (UAS), Subcommittee The widely cited "Standard Specification for Remote ID and Tracking"
F38.02 (Aircraft Operations), Work Item WK65041, developed the widely [F3411-19] was developed by ASTM International, Technical Committee
cited Standard Specification for Remote ID and Tracking [F3411-19]: F38 (UAS), Subcommittee F38.02 (Aircraft Operations), Work Item
the published standard is available for purchase from ASTM and as an WK65041. The published standard is available for purchase from ASTM
ASTM membership premium; early drafts are freely available as and is also available as an ASTM membership premium; early draft
[OpenDroneID] specifications. [F3411-19] is frequently referenced in versions are freely available as Open Drone ID specifications
DRIP, where building upon its link layers and both enhancing support [OpenDroneID]. [F3411-19] is frequently referenced in DRIP, where
for and expanding the scope of its applications are central foci. building upon its link layers and both enhancing support for and
expanding the scope of its applications are central foci.
In many applications, including UAS RID, identification and In many applications, including UAS RID, identification and
identifiers are not ends in themselves; they exist to enable lookups identifiers are not ends in themselves; they exist to enable lookups
and provision of other services. and provision of other services.
Using UAS RID to facilitate vehicular (V2X) communications and Using UAS RID to facilitate vehicular (i.e., Vehicle-to-Everything
applications such as Detect And Avoid (DAA), which would impose (V2X)) communications and applications such as Detect And Avoid
tighter latency bounds than RID itself, is an obvious possibility, (DAA), which would impose tighter latency bounds than RID itself, is
explicitly contemplated in the United States (US) Federal Aviation an obvious possibility; this is explicitly contemplated in the
Administration (FAA) Remote Identification of Unmanned Aircraft rule "Remote Identification of Unmanned Aircraft" rule of the US Federal
[FRUR]. However, usage of RID systems and information beyond mere Aviation Administration (FAA) [FRUR]. However, usage of RID systems
identification (primarily to hold operators accountable after the and information beyond mere identification (primarily to hold
fact), including DAA, have been declared out of scope in ASTM F38.02 operators accountable after the fact), including DAA, were declared
WK65041, based on a distinction between RID as a security standard vs out of scope in ASTM F38.02 WK65041, based on a distinction between
DAA as a safety application. Aviation community Standards RID as a security standard versus DAA as a safety application.
Development Organizations (SDOs) generally set a higher bar for Standards Development Organizations (SDOs) in the aviation community
safety than for security, especially with respect to reliability. generally set a higher bar for safety than for security, especially
Each SDO has its own cultural set of connotations of safety vs with respect to reliability. Each SDO has its own cultural set of
security; the denotative definitions of the International Civil connotations of safety versus security; the denotative definitions of
Aviation Organization (ICAO) are cited in Section 2. the International Civil Aviation Organization (ICAO) are cited in
Section 2.
[Opinion1] and [WG105] cite the Direct Remote Identification (DRI) [Opinion1] and [WG105] cite the Direct Remote Identification (DRI)
previously required and specified, explicitly stating that whereas previously required and specified, explicitly stating that whereas
DRI is primarily for security purposes, the "Network Identification DRI is primarily for security purposes, the "Network Identification
Service" [Opinion1] (in the context of U-space [InitialView]) or Service" [Opinion1] (in the context of U-space [InitialView]) or
"Electronic Identification" [WG105] is primarily for safety purposes "Electronic Identification" [WG105] is primarily for safety purposes
(e.g., Air Traffic Management, especially hazards deconfliction) and (e.g., Air Traffic Management, especially hazards deconfliction) and
also is allowed to be used for other purposes such as support of also is allowed to be used for other purposes such as support of
efficient operations. These emerging standards allow the security efficient operations. These emerging standards allow the security-
and safety oriented systems to be separate or merged. In addition to and safety-oriented systems to be separate or merged. In addition to
mandating both Broadcast and Network one-way to Observers, they will mandating both Broadcast and Network RID one-way to Observers, they
use V2V to other UAS (also likely to and/or from some manned will use Vehicle-to-Vehicle (V2V) to other UAS (also likely to and/or
aircraft). These reflect the broad scope of the European Union (EU) from some manned aircraft). These reflect the broad scope of the
U-space concept, as being developed in the Single European Sky ATM European Union (EU) U-space concept, as being developed in the Single
Research (SESAR) Joint Undertaking, the U-space architectural European Sky ATM Research (SESAR) Joint Undertaking, the U-space
principles of which are outlined in [InitialView]. architectural principles of which are outlined in [InitialView].
ASD-STAN is an Associated Body to CEN (European Committee for ASD-STAN is an Associated Body to CEN (European Committee for
Standardization) for Aerospace Standards. It is publishing an EU Standardization) for Aerospace Standards. It has published an EU
standard "Aerospace series - Unmanned Aircraft Systems - Part 002: standard titled "Aerospace series - Unmanned Aircraft Systems - Part
002: Direct Remote Identification" [ASDSTAN4709-002]; a current
(early 2021) informal overview is freely available in [ASDRI] (note
that [ASDRI] may not precisely reflect the final standard as it was
published before [ASDSTAN4709-002]). It will provide compliance to
cover the identical DRI requirements applicable to drones of the
following classes:
Direct Remote Identification; English version prEN 4709-002:2020" for * C1 ([Delegated], Part 2)
which a current (early 2021) informal overview is freely available in
[ASDRI]. It will provide compliance to cover the identical DRI * C2 ([Delegated], Part 3)
requirements applicable to drones of classes C1 - [Delegated] Part 2,
C2 - [Delegated] Part 3, C3 - [Delegated] Part 4, C5 - [Amended] Part * C3 ([Delegated], Part 4)
16, and C6 - [Amended] Part 17.
* C5 ([Amended], Part 16)
* C6 ([Amended], Part 17)
The standard contemplated in [ASDRI] will provide UA capability to be The standard contemplated in [ASDRI] will provide UA capability to be
identified in real time during the whole duration of the flight, identified in real time during the whole duration of the flight,
without specific connectivity or ground infrastructure link, without specific connectivity or ground infrastructure link,
utilizing existing mobile devices within broadcast range. It will utilizing existing mobile devices within broadcast range. It will
use Bluetooth 4, Bluetooth 5, Wi-Fi Neighbor Awareness Networking use Bluetooth 4, Bluetooth 5, Wi-Fi Neighbor Awareness Networking
(NAN, also known as Wi-Fi Aware, [WiFiNAN]) and/or IEEE 802.11 Beacon (NAN) (also known as "Wi-Fi Aware" [WiFiNAN]), and/or IEEE 802.11
modes. The EU standard emphasis was compatibility with [F3411-19], Beacon modes. The emphasis of the EU standard is compatibility with
although there are differences in mandatory and optional message [F3411-19], although there are differences in mandatory and optional
types and fields. message types and fields.
The [ASDRI] contemplated DRI system will broadcast locally: The DRI system contemplated in [ASDRI] will broadcast the following
locally:
1. the UAS operator registration number; 1. the UAS operator registration number;
2. the [CTA2063A] compliant unique serial number of the UA; 2. the [CTA2063A]-compliant unique serial number of the UA;
3. a time stamp, the geographical position of the UA, and its height 3. a time stamp, the geographical position of the UA, and its height
AGL or above its take-off point; AGL or above its takeoff point;
4. the UA ground speed and route course measured clockwise from true 4. the UA ground speed and route course measured clockwise from true
north; north;
5. the geographical position of the remote pilot, or if that is not 5. the geographical position of the Remote Pilot, or if that is not
available, the geographical position of the UA take-off point; available, the geographical position of the UA takeoff point; and
and
6. for Classes C1, C2, C3, the UAS emergency status. 6. for classes C1, C2, C3, the UAS emergency status.
Under the [ASDRI] contemplated standard, data will be sent in plain Under the standard contemplated in [ASDRI], data will be sent in
text and the UAS operator registration number will be represented as plaintext, and the UAS operator registration number will be
a 16-byte string including the (European) state code. The represented as a 16-byte string including the (European) state code.
corresponding private ID part will contain 3 characters that are not The corresponding private ID part will contain three characters that
broadcast but used by authorities to access regional registration are not broadcast but used by authorities to access regional
databases for verification. registration databases for verification.
ASD-STAN also contemplates corresponding Network Remote ASD-STAN also contemplates corresponding Network Remote
Identification (NRI) functionality. The ASD-STAN RID target is to Identification (NRI) functionality. ASD-STAN plans to revise their
revise their current standard with additional functionality (e.g., current standard with additional functionality (e.g., DRIP) to be
DRIP) to be published before 2022 [ASDRI]. published no later than 2022 [ASDRI].
Security oriented UAS RID essentially has two goals: enable the Security-oriented UAS RID essentially has two goals: 1) enable the
general public to obtain and record an opaque ID for any observed UA, general public to obtain and record an opaque ID for any observed UA,
which they can then report to authorities; and enable authorities, which they can then report to authorities and 2) enable authorities,
from such an ID, to look up information about the UAS and its from such an ID, to look up information about the UAS and its
operator. Safety oriented UAS RID has stronger requirements. operator. Safety-oriented UAS RID has stronger requirements.
Although dynamic establishment of secure communications between the Dynamic establishment of secure communications between the Observer
Observer and the UAS pilot seems to have been contemplated by the FAA and the UAS pilot seems to have been contemplated by the FAA UAS ID
UAS ID and Tracking Aviation Rulemaking Committee (ARC) in their and Tracking Aviation Rulemaking Committee (ARC) in
[Recommendations], it is not addressed in any of the [Recommendations]; however, aside from DRIP, it is not addressed in
subsequent regulations or international SDO technical specifications, any of the subsequent regulations or international SDO technical
other than DRIP, known to the authors as of early 2021. specifications known to the authors as of early 2021.
1.2. Concerns and Constraints 1.2. Concerns and Constraints
Disambiguation of multiple UA flying in close proximity may be very Disambiguation of multiple UA flying in close proximity may be very
challenging, even if each is reporting its identity, position, and challenging, even if each is reporting its identity, position, and
velocity as accurately as it can. velocity as accurately as it can.
The origin of information in UAS RID and UAS Traffic Management (UTM) The origin of information in UAS RID and UAS Traffic Management (UTM)
generally is the UAS or its operator. Self-reports may be initiated generally is the UAS or its operator. Self-reports may be initiated
by the remote pilot at the console of the Ground Control Station by the Remote Pilot at the console of the GCS (the UAS subsystem used
(GCS, the UAS subsystem used to remotely operate the UA), or to remotely operate the UA) or automatically by GCS software; in
automatically by GCS software; in Broadcast RID, they typically would Broadcast RID, they are typically initiated automatically by a
be initiated automatically by a process on the UA. Data in the process on the UA. Data in the reports may come from sensors
reports may come from sensors available to the operator (e.g., radar available to the operator (e.g., radar or cameras), the GCS (e.g.,
or cameras), the GCS (e.g., "dead reckoning" UA location, starting "dead reckoning" UA location, starting from the takeoff location and
from the takeoff location and estimating the displacements due to estimating the displacements due to subsequent piloting commands,
subsequent piloting commands, wind, etc.), or the UA itself (e.g., an wind, etc.), or the UA itself (e.g., an on-board GNSS receiver). In
on-board GNSS receiver); in Broadcast RID, all the data must be sent Broadcast RID, all the data must be sent proximately by the UA, and
proximately by, and most of the data comes ultimately from, the UA most of the data ultimately comes from the UA. Whether information
itself. Whether information comes proximately from the operator, or comes proximately from the operator or from automated systems
from automated systems configured by the operator, there are configured by the operator, there are possibilities of unintentional
possibilities not only of unintentional error in but also of error in and intentional falsification of this data. Mandating UAS
intentional falsification of this data. Mandating UAS RID, RID, specifying data elements required to be sent, monitoring
specifying data elements required to be sent, monitoring compliance compliance, and enforcing compliance (or penalizing non-compliance)
and enforcing it (or penalizing non-compliance) are matters for Civil are matters for Civil Aviation Authorities (CAAs) and potentially
Aviation Authorities (CAAs) et al; specifying message formats, etc. other authorities. Specifying message formats and supporting
to carry those data elements has been addressed by other SDOs; technologies to carry those data elements has been addressed by other
offering technical means, as extensions to external standards, to SDOs. Offering technical means, as extensions to external standards,
facilitate verifiable compliance and enforcement/monitoring, are to facilitate verifiable compliance and enforcement/monitoring is an
opportunities for DRIP. opportunity for DRIP.
Minimal specified information must be made available to the public. Minimal specified information must be made available to the public.
Access to other data, e.g., UAS operator Personally Identifiable Access to other data, e.g., UAS operator Personally Identifiable
Information (PII), must be limited to strongly authenticated Information (PII), must be limited to strongly authenticated
personnel, properly authorized in accordance with applicable policy. personnel, properly authorized in accordance with applicable policy.
The balance between privacy and transparency remains a subject for The balance between privacy and transparency remains a subject for
public debate and regulatory action; DRIP can only offer tools to public debate and regulatory action; DRIP can only offer tools to
expand the achievable trade space and enable trade-offs within that expand the achievable trade space and enable trade-offs within that
space. [F3411-19], the basis for most current (2021) thinking about space. [F3411-19], the basis for most current (2021) thinking about
and efforts to provide UAS RID, specifies only how to get the UAS ID and efforts to provide UAS RID, specifies only how to get the UAS ID
to the Observer: how the Observer can perform these lookups and how to the Observer: how the Observer can perform these lookups and how
the registries first can be populated with information are the registries first can be populated with information are not
unspecified therein. specified therein.
The need for nearly universal deployment of UAS RID is pressing: The need for nearly universal deployment of UAS RID is pressing:
consider how negligible the value of an automobile license plate consider how negligible the value of an automobile license plate
system would be if only 90% of the cars displayed plates. This system would be if only 90% of the cars displayed plates. This
implies the need to support use by Observers of already ubiquitous implies the need to support use by Observers of already-ubiquitous
mobile devices (typically smartphones and tablets). Anticipating CAA mobile devices (typically smartphones and tablets). Anticipating CAA
requirements to support legacy devices, especially in light of requirements to support legacy devices, especially in light of
[Recommendations], [F3411-19] specifies that any UAS sending [Recommendations], [F3411-19] specifies that any UAS sending
Broadcast RID over Bluetooth must do so over Bluetooth 4, regardless Broadcast RID over Bluetooth must do so over Bluetooth 4, regardless
of whether it also does so over newer versions; as UAS sender devices of whether it also does so over newer versions. As UAS sender
and Observer receiver devices are unpaired, this implies extremely devices and Observer receiver devices are unpaired, this unpaired
short "advertisement" (beacon) frames. state requires use of the extremely short BT4 "advertisement"
(beacon) frames.
Wireless data links to or from UA are challenging. Flight is often Wireless data links to or from UA are challenging. Flight is often
amidst structures and foliage at low altitudes over varied terrain. amidst structures and foliage at low altitudes over varied terrain.
UA are constrained in both total energy and instantaneous power by UA are constrained in both total energy and instantaneous power by
their batteries. Small UA imply small antennas. Densely populated their batteries. Small UA imply small antennas. Densely populated
volumes will suffer from link congestion: even if UA in an airspace volumes will suffer from link congestion: even if UA in an airspace
volume are few, other transmitters nearby on the ground, sharing the volume are few, other transmitters nearby on the ground, sharing the
same license free spectral band, may be many. Thus air to air and same license free spectral band, may be many. Thus, air-to-air and
air to ground links will generally be slow and unreliable. air-to-ground links will generally be slow and unreliable.
UAS Cost, Size, Weight, and Power (CSWaP) constraints are severe. UAS Cost, Size, Weight, and Power (CSWaP) constraints are severe.
CSWaP is a burden not only on the designers of new UAS for sale, but CSWaP is a burden not only on the designers of new UAS for sale but
also on owners of existing UAS that must be retrofit. Radio also on owners of existing UAS that must be retrofit. Radio
Controlled (RC) aircraft modelers, "hams" who use licensed amateur Controlled (RC) aircraft modelers, "hams" who use licensed amateur
radio frequencies to control UAS, drone hobbyists, and others who radio frequencies to control UAS, drone hobbyists, and others who
custom build UAS, all need means of participating in UAS RID, custom build UAS all need means of participating in UAS RID that are
sensitive to both generic CSWaP and application-specific sensitive to both generic CSWaP and application-specific
considerations. considerations.
To accommodate the most severely constrained cases, all these To accommodate the most severely constrained cases, all of the
conspire to motivate system design decisions that complicate the concerns described above conspire to motivate system design decisions
protocol design problem. that complicate the protocol design problem.
Broadcast RID uses one-way local data links. UAS may have Internet Broadcast RID uses one-way local data links. UAS may have Internet
connectivity only intermittently, or not at all, during flight. connectivity only intermittently, or not at all, during flight.
Internet-disconnected operation of Observer devices has been deemed Internet-disconnected operation of Observer devices has been deemed
by ASTM F38.02 too infrequent to address. However, the preamble to by ASTM F38.02 as too infrequent to address. However, the preamble
[FRUR] cites "remote and rural areas that do not have reliable to [FRUR] cites "remote and rural areas that do not have reliable
Internet access" as a major reason for requiring Broadcast rather Internet access" as a major reason for requiring Broadcast rather
than Network RID, and states that "Personal wireless devices that are than Network RID. [FRUR] also states:
capable of receiving 47 CFR part 15 frequencies, such as smart
phones, tablets, or other similar commercially available devices, | Personal wireless devices that are capable of receiving 47 CFR
will be able to receive broadcast remote identification information | part 15 frequencies, such as smart phones, tablets, or other
directly without reliance on an Internet connection". Internet- | similar commercially available devices, will be able to receive
disconnected operation presents challenges, e.g., for Observers | broadcast remote identification information directly without
needing access to the [F3411-19] web based Broadcast Authentication | reliance on an Internet connection.
Verifier Service or needing to do external lookups.
Internet-disconnected operation presents challenges, e.g., for
Observers needing access to the [F3411-19] web-based Broadcast
Authentication Verifier Service or needing to do external lookups.
As RID must often operate within these constraints, heavyweight As RID must often operate within these constraints, heavyweight
cryptographic security protocols or even simple cryptographic cryptographic security protocols or even simple cryptographic
handshakes are infeasible, yet trustworthiness of UAS RID information handshakes are infeasible, yet trustworthiness of UAS RID information
is essential. Under [F3411-19], _even the most basic datum, the UAS is essential. Under [F3411-19], _even the most basic datum, the UAS
ID itself, can be merely an unsubstantiated claim_. ID itself, can be merely an unsubstantiated claim_.
Observer devices being ubiquitous, thus popular targets for malware Observer devices are ubiquitous; thus, they are popular targets for
or other compromise, cannot be generally trusted (although the user malware or other compromise, so they cannot be generally trusted
of each device is compelled to trust that device, to some extent); a (although the user of each device is compelled to trust that device,
"fair witness" functionality (inspired by [Stranger]) is desirable. to some extent). A "fair witness" functionality (inspired by
[Stranger]) is desirable.
Despite work by regulators and SDOs, there are substantial gaps in Despite work by regulators and SDOs, there are substantial gaps in
UAS standards generally and UAS RID specifically. [Roadmap] catalogs UAS standards generally and UAS RID specifically. [Roadmap] catalogs
UAS related standards, ongoing standardization activities and gaps UAS-related standards, ongoing standardization activities, and gaps
(as of 2020); Section 7.8 catalogs those related specifically to UAS (as of 2020); Section 7.8 catalogs those related specifically to UAS
RID. DRIP will address the most fundamental of these gaps, as RID. DRIP will address the most fundamental of these gaps, as
foreshadowed above. foreshadowed above.
1.3. DRIP Scope 1.3. DRIP Scope
DRIP's initial charter is to make RID immediately actionable, in both DRIP's initial objective is to make RID immediately actionable,
Internet and local-only connected scenarios (especially emergencies), especially in emergencies, in severely constrained UAS environments
in severely constrained UAS environments, balancing legitimate (e.g., (both Internet and local-only connected scenarios), balancing
public safety) authorities' Need To Know trustworthy information with legitimate (e.g., public safety) authorities' Need To Know
UAS operators' privacy. By "immediately actionable" is meant trustworthy information with UAS operators' privacy. The phrase
information of sufficient precision, accuracy, timeliness, etc. for "immediately actionable" means information of sufficient precision,
an Observer to use it as the basis for immediate decisive action, accuracy, and timeliness for an Observer to use it as the basis for
whether that be to trigger a defensive counter-UAS system, to attempt immediate decisive action (e.g., triggering a defensive counter-UAS
to initiate communications with the UAS operator, to accept the system, attempting to initiate communications with the UAS operator,
presence of the UAS in the airspace where/when observed as not accepting the presence of the UAS in the airspace where/when observed
requiring further action, or whatever, with potentially severe as not requiring further action, etc.) with potentially severe
consequences of any action or inaction chosen based on that consequences of any action or inaction chosen based on that
information. For further explanation of the concept of immediate information. For further explanation of the concept of immediate
actionability, see [ENISACSIRT]. actionability, see [ENISACSIRT].
Note that UAS RID must achieve nearly universal adoption, but DRIP Note that UAS RID must achieve nearly universal adoption, but DRIP
can add value even if only selectively deployed. Authorities with can add value even if only selectively deployed. Authorities with
jurisdiction over more sensitive airspace volumes may set a higher jurisdiction over more sensitive airspace volumes may set a RID
than generally mandated RID requirement for flight in such volumes. requirement, for flight in such volumes, that is higher than
Those with a greater need for high-confidence IFF can equip with generally mandated. Those with a greater need for high-confidence
DRIP, enabling strong authentication of their own aircraft and allied IFF can equip with DRIP, enabling strong authentication of their own
operators without regard for the weaker (if any) authentication of aircraft and allied operators without regard for the weaker (if any)
others. authentication of others.
DRIP (originally Trustworthy Multipurpose Remote Identification, TM- DRIP (originally "Trustworthy Multipurpose Remote Identification (TM-
RID) potentially could be applied to verifiably identify other types RID)") could be applied to verifiably identify other types of
of registered things reported to be in specified physical locations, registered things reported to be in specified physical locations.
and providing timely trustworthy identification data is also Providing timely trustworthy identification data is also prerequisite
prerequisite to identity-oriented networking, but the urgent to identity-oriented networking. Despite the value of DRIP to these
motivation and clear initial focus is UAS. Existing Internet and other potential applications, UAS RID is the urgent motivation
resources (protocol standards, services, infrastructure, and business and clear initial focus of DRIP. Existing Internet resources
models) should be leveraged. (protocol standards, services, infrastructure, and business models)
should be leveraged.
1.4. Document Scope 1.4. Document Scope
This document describes the problem space for UAS RID conforming to This document describes the problem space for UAS RID conforming to
proposed regulations and external technical standards, defines common proposed regulations and external technical standards, defines common
terminology, specifies numbered requirements for DRIP, identifies terminology, specifies numbered requirements for DRIP, identifies
some important considerations (IANA, security, privacy and some important considerations (IANA, security, privacy, and
transparency), and discusses limitations. transparency), and discusses limitations.
A natural Internet-based approach to meet these requirements is A natural Internet-based approach to meet these requirements is
described in a companion architecture document [drip-architecture] described in a companion architecture document [DRIP-ARCH] and
and elaborated in other DRIP documents. elaborated in other DRIP documents.
2. Terms and Definitions 2. Terms and Definitions
2.1. Requirements Terminology 2.1. Requirements Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in
14 [RFC2119] [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
2.2. Definitions 2.2. Definitions
This section defines a non-comprehensive set of terms expected to be This section defines a non-comprehensive set of terms expected to be
used in DRIP documents. This list is meant to be the DRIP used in DRIP documents. This list is meant to be the DRIP
terminology reference; as such, some of the terms listed below are terminology reference; as such, some of the terms listed below are
not used in this document. not used in this document.
To encourage comprehension necessary for adoption of DRIP by the
intended user community, the UAS community's norms are respected
herein, and definitions are quoted in cases where they have been
found in that community's documents. Most of the terms listed below
are from that community (even if specific source documents are not
cited); any terms that are DRIP-specific or defined by this document
are marked "(DRIP)".
Note that, in the UAS community, the plural form of an acronym,
generally, is the same as the singular form, e.g., Unmanned Aircraft
System (singular) and Unmanned Aircraft Systems (plural) are both
represented as UAS.
[RFC4949] provides a glossary of Internet security terms that should [RFC4949] provides a glossary of Internet security terms that should
be used where applicable. be used where applicable.
In the UAS community, the plural form of acronyms generally is the
same as the singular form, e.g., Unmanned Aircraft System (singular)
and Unmanned Aircraft Systems (plural) are both represented as UAS.
On this and other terminological issues, to encourage comprehension
necessary for adoption of DRIP by the intended user community, that
community's norms are respected herein, and definitions are quoted in
cases where they have been found in that community's documents. Most
of the listed terms are from that community (even if specific source
documents are not cited); any that are DRIP-specific or invented by
the authors of this document are marked "(DRIP)".
4-D 4-D
Four-dimensional. Latitude, Longitude, Altitude, Time. Used Four-dimensional. Latitude, Longitude, Altitude, Time. Used
especially to delineate an airspace volume in which an operation especially to delineate an airspace volume in which an operation
is being or will be conducted. is being or will be conducted.
AAA AAA
Attestation, Authentication, Authorization, Access Control, Attestation, Authentication, Authorization, Access Control,
Accounting, Attribution, Audit, or any subset thereof (uses differ Accounting, Attribution, Audit, or any subset thereof (uses differ
by application, author, and context). (DRIP) by application, author, and context). (DRIP)
ABDAA ABDAA
AirBorne DAA. Accomplished using systems onboard the aircraft AirBorne DAA. Accomplished using systems onboard the aircraft
involved. Supports "self-separation" (remaining "well clear" of involved. Supports "self-separation" (remaining "well clear" of
other aircraft) and collision avoidance. other aircraft) and collision avoidance.
ADS-B ADS-B
Automatic Dependent Surveillance - Broadcast. "ADS-B Out" Automatic Dependent Surveillance - Broadcast. "ADS-B Out"
equipment obtains aircraft position from other on-board systems equipment obtains aircraft position from other on-board systems
(typically GNSS) and periodically broadcasts it to "ADS-B In" (typically GNSS) and periodically broadcasts it to "ADS-B In"
equipped entities, including other aircraft, ground stations, and equipped entities, including other aircraft, ground stations, and
satellite based monitoring systems. satellite-based monitoring systems.
AGL AGL
Above Ground Level. Relative altitude, above the variously Above Ground Level. Relative altitude, above the variously
defined local ground level, typically of a UA, measured in feet or defined local ground level, typically of a UA, measured in feet or
meters. Should be explicitly specified as either barometric meters. Should be explicitly specified as either barometric
(pressure) or geodetic (GNSS) altitude. (pressure) or geodetic (GNSS) altitude.
ATC ATC
Air Traffic Control. Explicit flight direction to pilots from Air Traffic Control. Explicit flight direction to pilots from
ground controllers. Contrast with ATM. ground controllers. Contrast with ATM.
ATM ATM
Air Traffic Management. A broader functional and geographic scope Air Traffic Management. A broader functional and geographic scope
and/or a higher layer of abstraction than ATC. "The dynamic, and/or a higher layer of abstraction than ATC. [ICAOATM] defines
integrated management of air traffic and airspace including air ATM as the following: "The dynamic, integrated management of air
traffic services, airspace management and air traffic flow traffic and airspace including air traffic services, airspace
management - safely, economically and efficiently - through the management and air traffic flow management -- safely, economically
provision of facilities and seamless services in collaboration and efficiently -- through the provision of facilities and
with all parties and involving airborne and ground-based seamless services in collaboration with all parties and involving
functions" [ICAOATM]. airborne and ground-based functions".
Authentication Message Authentication Message
[F3411-19] Message Type 2. Provides framing for authentication [F3411-19] Message Type 2. Provides framing for authentication
data, only; the only message that can be extended in length by data only; the only message that can be extended in length by
segmenting it across more than one page. segmenting it across more than one page.
Basic ID Message Basic ID Message
[F3411-19] Message Type 0. Provides UA Type, UAS ID Type (and [F3411-19] Message Type 0. Provides UA Type, ID Type (and
Specific Session ID subtype if applicable), and UAS ID, only. Specific Session ID subtype if applicable), and UAS ID only.
Broadcast Authentication Verifier Service Broadcast Authentication Verifier Service
System component designed to handle any authentication of System component designed to handle any authentication of
Broadcast RID by offloading signature verification to a web Broadcast RID by offloading signature verification to a web
service [F3411-19]. service [F3411-19].
BVLOS BVLOS
Beyond Visual Line Of Sight. See VLOS. Beyond Visual Line Of Sight. See VLOS.
byte byte
Used here in its now-customary sense as a synonym for "octet", as Used here in its now-customary sense as a synonym for "octet", as
"byte" is used exclusively in definitions of data structures "byte" is used exclusively in definitions of data structures
specified in [F3411-19] specified in [F3411-19].
CAA CAA
Civil Aviation Authority of a regulatory jurisdiction. Often so Civil Aviation Authority of a regulatory jurisdiction. Often so
named, but other examples include the United States Federal named, but other examples include the United States Federal
Aviation Administration (FAA) and the Japan Civil Aviation Bureau. Aviation Administration (FAA) and the Japan Civil Aviation Bureau.
CSWaP CSWaP
Cost, Size, Weight, and Power. Cost, Size, Weight, and Power
C2 C2
Command and Control. Previously mostly used in military contexts. Command and Control. Previously mostly used in military contexts.
Properly refers to a function, exercisable over arbitrary Properly refers to a function that is exercisable over arbitrary
communications; but in the small UAS context, often refers to the communications, but in the small UAS context, often refers to the
communications (typically RF data link) over which the GCS communications (typically RF data link) over which the GCS
controls the UA. controls the UA.
DAA DAA
Detect And Avoid, formerly Sense And Avoid (SAA). A means of Detect And Avoid, formerly "Sense And Avoid (SAA)". A means of
keeping aircraft "well clear" of each other and obstacles for keeping aircraft "well clear" of each other and obstacles for
safety. "The capability to see, sense or detect conflicting safety. [ICAOUAS] defines DAA as the following: "The capability
traffic or other hazards and take the appropriate action to comply to see, sense or detect conflicting traffic or other hazards and
with the applicable rules of flight" [ICAOUAS]. take the appropriate action to comply with the applicable rules of
flight".
DRI (not to be confused with DRIP) DRI (not to be confused with DRIP)
Direct Remote Identification. EU regulatory requirement for "a Direct Remote Identification. EU regulatory requirement for "a
system that ensures the local broadcast of information about a UA system that ensures the local broadcast of information about a UA
in operation, including the marking of the UA, so that this in operation, including the marking of the UA, so that this
information can be obtained without physical access to the UA". information can be obtained without physical access to the UA"
[Delegated] that presumably can be satisfied with appropriately [Delegated]. This requirement can presumably be satisfied with
configured [F3411-19] Broadcast RID. appropriately configured [F3411-19] Broadcast RID.
DSS DSS
Discovery and Synchronization Service. The UTM system overlay Discovery and Synchronization Service. The UTM system overlay
network backbone. Most importantly, it enables one USS to learn network backbone. Most importantly, it enables one USS to learn
which other USS have UAS operating in a given 4-D airspace volume, which other USS have UAS operating in a given 4-D airspace volume,
for strategic deconfliction of planned operations and Network RID for strategic deconfliction of planned operations and Network RID
surveillance of active operations. [F3411-19] surveillance of active operations. See [F3411-19].
EUROCAE EUROCAE
European Organisation for Civil Aviation Equipment. Aviation SDO, European Organisation for Civil Aviation Equipment. Aviation SDO,
originally European, now with broader membership. Cooperates originally European, now with broader membership. Cooperates
extensively with RTCA. extensively with RTCA.
GBDAA GBDAA
Ground Based DAA. Accomplished with the aid of ground based Ground-Based DAA. Accomplished with the aid of ground-based
functions. functions.
GCS GCS
Ground Control Station. The part of the UAS that the remote pilot Ground Control Station. The part of the UAS that the Remote Pilot
uses to exercise C2 over the UA, whether by remotely exercising UA uses to exercise C2 over the UA, whether by remotely exercising UA
flight controls to fly the UA, by setting GNSS waypoints, or flight controls to fly the UA, by setting GNSS waypoints, or by
otherwise directing its flight. otherwise directing its flight.
GNSS GNSS
Global Navigation Satellite System. Satellite based timing and/or Global Navigation Satellite System. Satellite-based timing and/or
positioning with global coverage, often used to support positioning with global coverage, often used to support
navigation. navigation.
GPS GPS
Global Positioning System. A specific GNSS, but in the UAS Global Positioning System. A specific GNSS, but in the UAS
context, the term is typically misused in place of the more context, the term is typically misused in place of the more
generic term GNSS. generic term "GNSS".
GRAIN GRAIN
Global Resilient Aviation Interoperable Network. ICAO managed Global Resilient Aviation Interoperable Network. ICAO-managed
IPv6 overlay internetwork based on IATF, dedicated to aviation IPv6 overlay internetwork based on IATF that is dedicated to
(but not just aircraft). Currently (2021) in design, aviation (but not just aircraft). As currently (2021) designed,
accommodating the proposed DRIP identifier. it accommodates the proposed DRIP identifier.
IATF IATF
International Aviation Trust Framework. ICAO effort to develop a International Aviation Trust Framework. ICAO effort to develop a
resilient and secure by design framework for networking in support resilient and secure by design framework for networking in support
of all aspects of aviation. of all aspects of aviation.
ICAO ICAO
International Civil Aviation Organization. A United Nations International Civil Aviation Organization. A specialized agency
specialized agency that develops and harmonizes international of the United Nations that develops and harmonizes international
standards relating to aviation. standards relating to aviation.
IFF IFF
Identification Friend or Foe. Originally, and in its narrow sense Identification Friend or Foe. Originally, and in its narrow sense
still, a self-identification broadcast in response to still, a self-identification broadcast in response to
interrogation via radar, to reduce friendly fire incidents, which interrogation via radar to reduce friendly fire incidents, which
led to military and commercial transponder systems such as ADS-B. led to military and commercial transponder systems such as ADS-B.
In the broader sense used here, any process intended to In the broader sense used here, any process intended to
distinguish friendly from potentially hostile UA or other entities distinguish friendly from potentially hostile UA or other entities
encountered. encountered.
LAANC LAANC
Low Altitude Authorization and Notification Capability. Supports Low Altitude Authorization and Notification Capability. Supports
ATC authorization requirements for UAS operations: remote pilots ATC authorization requirements for UAS operations: Remote Pilots
can apply to receive a near real-time authorization for operations can apply to receive a near real-time authorization for operations
under 400 feet in controlled airspace near airports. FAA under 400 feet in controlled airspace near airports. FAA-
authorized partial stopgap in the US until UTM comes. authorized partial stopgap in the US until UTM comes.
Location/Vector Message Location/Vector Message
[F3411-19] Message Type 1. Provides UA location, altitude, [F3411-19] Message Type 1. Provides UA location, altitude,
heading, speed, and status. heading, speed, and status.
LOS LOS
Line Of Sight. An adjectival phrase describing any information Line Of Sight. An adjectival phrase describing any information
transfer that travels in a nearly straight line (e.g., transfer that travels in a nearly straight line (e.g.,
electromagnetic energy, whether in the visual light, RF, or other electromagnetic energy, whether in the visual light, RF, or other
skipping to change at page 16, line 7 skipping to change at line 757
Message Pack Message Pack
[F3411-19] Message Type 15. The framed concatenation, in message [F3411-19] Message Type 15. The framed concatenation, in message
type index order, of at most one message of each type of any type index order, of at most one message of each type of any
subset of the other types. Required to be sent in Wi-Fi NAN and subset of the other types. Required to be sent in Wi-Fi NAN and
in Bluetooth 5 Extended Advertisements, if those media are used; in Bluetooth 5 Extended Advertisements, if those media are used;
cannot be sent in Bluetooth 4. cannot be sent in Bluetooth 4.
MSL MSL
Mean Sea Level. Shorthand for relative altitude, above the Mean Sea Level. Shorthand for relative altitude, above the
variously defined mean sea level, typically of a UA (but in [FRUR] variously defined mean sea level, typically of a UA (but in
also for a GCS), measured in feet or meters. Should be explicitly [FRUR], also for a GCS), measured in feet or meters. Should be
specified as either barometric (pressure) or geodetic (e.g., as explicitly specified as either barometric (pressure) or geodetic
indicated by GNSS, referenced to the WGS84 ellipsoid). (e.g., as indicated by GNSS, referenced to the WGS84 ellipsoid).
Net-RID DP Net-RID DP
Network RID Display Provider. [F3411-19] logical entity that Network RID Display Provider. [F3411-19] logical entity that
aggregates data from Net-RID SPs as needed in response to user aggregates data from Net-RID SPs as needed in response to user
queries regarding UAS operating within specified airspace volumes, queries regarding UAS operating within specified airspace volumes
to enable display by a user application on a user device. to enable display by a user application on a user device.
Potentially could provide not only information sent via UAS RID Potentially could provide not only information sent via UAS RID
but also information retrieved from UAS RID registries or but also information retrieved from UAS RID registries or
information beyond UAS RID. Under superseded [NPRM], not information beyond UAS RID. Under superseded [NPRM], not
recognized as a distinct entity, but a service provided by USS, recognized as a distinct entity, but as a service provided by USS,
including Public Safety USS that may exist primarily for this including public safety USS that may exist primarily for this
purpose rather than to manage any subscribed UAS. purpose rather than to manage any subscribed UAS.
Net-RID SP Net-RID SP
Network RID Service Provider. [F3411-19] logical entity that Network RID Service Provider. [F3411-19] logical entity that
collects RID messages from UAS and responds to NetRID-DP queries collects RID messages from UAS and responds to Net-RID DP queries
for information on UAS of which it is aware. Under superseded for information on UAS of which it is aware. Under superseded
[NPRM], the USS to which the UAS is subscribed ("Remote ID USS"). [NPRM], the USS to which the UAS is subscribed (i.e., the "Remote
ID USS").
Network Identification Service Network Identification Service
EU regulatory requirement in [Opinion1] and [WG105] that EU regulatory requirement in [Opinion1], corresponding to the
presumably can be satisfied with appropriately configured Electronic Identification for which Minimum Operational
[F3411-19] Network RID. Performance Standards are specified in [WG105], which presumably
can be satisfied with appropriately configured [F3411-19] Network
RID.
Observer Observer
An entity (typically but not necessarily an individual human) who An entity (typically, but not necessarily, an individual human)
has directly or indirectly observed a UA and wishes to know who has directly or indirectly observed a UA and wishes to know
something about it, starting with its ID. An Observer typically something about it, starting with its ID. An Observer typically
is on the ground and local (within VLOS of an observed UA), but is on the ground and local (within VLOS of an observed UA), but
could be remote (observing via Network RID or other surveillance), could be remote (observing via Network RID or other surveillance),
operating another UA, aboard another aircraft, etc. (DRIP) operating another UA, aboard another aircraft, etc. (DRIP)
Operation Operation
A flight, or series of flights of the same mission, by the same A flight, or series of flights of the same mission, by the same
UAS, separated by at most brief ground intervals. (Inferred from UAS, separated by, at most, brief ground intervals. (Inferred
UTM usage, no formal definition found) from UTM usage; no formal definition found.)
Operator Operator
"A person, organization or enterprise engaged in or offering to "A person, organization or enterprise engaged in or offering to
engage in an aircraft operation" [ICAOUAS]. engage in an aircraft operation" [ICAOUAS].
Operator ID Message Operator ID Message
[F3411-19] Message Type 5. Provides CAA issued Operator ID, only. [F3411-19] Message Type 5. Provides CAA-issued Operator ID only.
Operator ID is distinct from UAS ID. Operator ID is distinct from UAS ID.
page page
Payload of a frame, containing a chunk of a message that has been Payload of a frame, containing a chunk of a message that has been
segmented, to allow transport of a message longer than can be segmented, that allows transport of a message longer than can be
encapsulated in a single frame. [F3411-19] encapsulated in a single frame. See [F3411-19].
PIC PIC
Pilot In Command. "The pilot designated by the operator, or in Pilot In Command. "The pilot designated by the operator, or in
the case of general aviation, the owner, as being in command and the case of general aviation, the owner, as being in command and
charged with the safe conduct of a flight" [ICAOUAS]. charged with the safe conduct of a flight" [ICAOUAS].
PII PII
Personally Identifiable Information. In the UAS RID context, Personally Identifiable Information. In the UAS RID context,
typically of the UAS Operator, Pilot In Command (PIC), or Remote typically of the UAS Operator, PIC, or Remote Pilot, but possibly
Pilot, but possibly of an Observer or other party. This specific of an Observer or other party. This specific term is used
term is used primarily in the US; other terms with essentially the primarily in the US; other terms with essentially the same meaning
same meaning are more common in other jurisdictions (e.g., are more common in other jurisdictions (e.g., "personal data" in
"personal data" in the EU). Used herein generically to refer to the EU). Used herein generically to refer to personal information
personal information, which the person might wish to keep private, that the person might wish to keep private or may have a
or may have a statutorily recognized right to keep private (e.g., statutorily recognized right to keep private (e.g., under the EU
under the EU [GDPR]), potentially imposing (legally or ethically) [GDPR]), potentially imposing (legally or ethically) a
a confidentiality requirement on protocols/systems. confidentiality requirement on protocols/systems.
Remote Pilot Remote Pilot
A pilot using a GCS to exercise proximate control of a UA. Either A pilot using a GCS to exercise proximate control of a UA. Either
the PIC or under the supervision of the PIC. "The person who the PIC or under the supervision of the PIC. "The person who
manipulates the flight controls of a remotely-piloted aircraft manipulates the flight controls of a remotely-piloted aircraft
during flight time" [ICAOUAS]. during flight time" [ICAOUAS].
RF RF
Radio Frequency. Adjective, e.g., "RF link", or noun. Radio Frequency. Can be used as an adjective (e.g., "RF link") or
as a noun.
RF LOS RF LOS
RF Line Of Sight. Typically used in describing a direct radio RF Line Of Sight. Typically used in describing a direct radio
link between a GCS and the UA under its control, potentially link between a GCS and the UA under its control, potentially
subject to blockage by foliage, structures, terrain, or other subject to blockage by foliage, structures, terrain, or other
vehicles, but less so than VLOS. vehicles, but less so than VLOS.
RTCA RTCA
Radio Technical Commission for Aeronautics. US aviation SDO. Radio Technical Commission for Aeronautics. US aviation SDO.
Cooperates extensively with EUROCAE. Cooperates extensively with EUROCAE.
Safety Safety
"The state in which risks associated with aviation activities, "The state in which risks associated with aviation activities,
related to, or in direct support of the operation of aircraft, are related to, or in direct support of the operation of aircraft, are
reduced and controlled to an acceptable level." From Annex 19 of reduced and controlled to an acceptable level" (from Annex 19 of
the Chicago Convention, quoted in [ICAODEFS] the Chicago Convention, quoted in [ICAODEFS]).
Security Security
"Safeguarding civil aviation against acts of unlawful "Safeguarding civil aviation against acts of unlawful
interference." From Annex 17 of the Chicago Convention, quoted in interference" (from Annex 17 of the Chicago Convention, quoted in
[ICAODEFS] [ICAODEFS]).
Self-ID Message Self-ID Message
[F3411-19] Message Type 3. Provides a 1 byte descriptor and 23 [F3411-19] Message Type 3. Provides a 1-byte descriptor and
byte ASCII free text field, only. Expected to be used to provide 23-byte ASCII free text field, only. Expected to be used to
context on the operation, e.g., mission intent. provide context on the operation, e.g., mission intent.
SDO SDO
Standards Development Organization. ASTM, IETF, et al. Standards Development Organization, such as ASTM, IETF, etc.
SDSP SDSP
Supplemental Data Service Provider. An entity that participates Supplemental Data Service Provider. An entity that participates
in the UTM system, but provides services beyond those specified as in the UTM system but provides services (e.g., weather data)
basic UTM system functions (e.g., weather data). [FAACONOPS] beyond those specified as basic UTM system functions. See
[FAACONOPS].
System Message System Message
[F3411-19] Message Type 4. Provides general UAS information, [F3411-19] Message Type 4. Provides general UAS information,
including remote pilot location, multiple UA group operational including Remote Pilot location, multiple UA group operational
area, etc. area, etc.
U-space U-space
EU concept and emerging framework for integration of UAS into all EU concept and emerging framework for integration of UAS into all
classes of airspace, specifically including high density urban types of airspace, including but not limited to volumes that are
areas, sharing airspace with manned aircraft [InitialView]. in high-density urban areas and/or shared with manned aircraft
[InitialView].
UA UA
Unmanned Aircraft. In popular parlance, "drone". "An aircraft Unmanned Aircraft. In popular parlance, "drone". "An aircraft
which is intended to operate with no pilot on board" [ICAOUAS]. which is intended to operate with no pilot on board" [ICAOUAS].
UAS UAS
Unmanned Aircraft System. Composed of UA, all required on-board Unmanned Aircraft System. Composed of UA, all required on-board
subsystems, payload, control station, other required off-board subsystems, payload, control station, other required off-board
subsystems, any required launch and recovery equipment, all subsystems, any required launch and recovery equipment, all
required crew members, and C2 links between UA and control station required crew members, and C2 links between UA and control station
[F3411-19]. [F3411-19].
UAS ID UAS ID
UAS identifier. Although called "UAS ID", it is actually unique UAS identifier. Although called "UAS ID", it is actually unique
to the UA, neither to the operator (as some UAS registration to the UA, neither to the operator (as some UAS registration
numbers have been and for exclusively recreational purposes are numbers have been and for exclusively recreational purposes are
continuing to be assigned), nor to the combination of GCS and UA continuing to be assigned), nor to the combination of GCS and UA
that comprise the UAS. _Maximum length of 20 bytes_ [F3411-19]. that comprise the UAS. _Maximum length of 20 bytes_ [F3411-19].
If the UAS ID Type is 4, the proposed Specific Session ID, then If the ID Type is 4, the proposed Specific Session ID, then the 20
the 20 bytes includes the subtype index, leaving only 19 bytes for bytes includes the subtype index, leaving only 19 bytes for the
the actual identifier. actual identifier.
UAS ID Type ID Type
UAS Identifier type index. 4 bits, see Section 3, Paragraph 6 for UAS identifier type index. 4 bits. See Section 3, Paragraph 6 for
currently defined values 0-3. [F3411-19] current standard values 0-3 and currently proposed additional
value 4. See also [F3411-19].
UAS RID UAS RID
UAS Remote Identification and tracking. System to enable UAS Remote Identification and tracking. System to enable
arbitrary Observers to identify UA during flight. arbitrary Observers to identify UA during flight.
USS USS
UAS Service Supplier. "A USS is an entity that assists UAS UAS Service Supplier. "A USS is an entity that assists UAS
Operators with meeting UTM operational requirements that enable Operators with meeting UTM operational requirements that enable
safe and efficient use of airspace" and "... provide services to safe and efficient use of airspace" [FAACONOPS]. In addition,
support the UAS community, to connect Operators and other entities "USSs provide services to support the UAS community, to connect
to enable information flow across the USS Network, and to promote Operators and other entities to enable information flow across the
shared situational awareness among UTM participants" [FAACONOPS]. USS Network, and to promote shared situational awareness among UTM
participants" [FAACONOPS].
UTM UTM
UAS Traffic Management. "A specific aspect of air traffic UAS Traffic Management. "A specific aspect of air traffic
management which manages UAS operations safely, economically and management which manages UAS operations safely, economically and
efficiently through the provision of facilities and a seamless set efficiently through the provision of facilities and a seamless set
of services in collaboration with all parties and involving of services in collaboration with all parties and involving
airborne and ground-based functions" [ICAOUTM]. In the US, airborne and ground-based functions" [ICAOUTM]. In the US,
according to the FAA, a "traffic management" ecosystem for according to the FAA, a "traffic management" ecosystem for
"uncontrolled" low altitude UAS operations, separate from, but "uncontrolled" UAS operations at low altitudes, separate from, but
complementary to, the FAA's ATC system for "controlled" operations complementary to, the FAA's ATC system for "controlled" operations
of manned aircraft. of manned aircraft.
V2V V2V
Vehicle-to-Vehicle. Originally communications between Vehicle-to-Vehicle. Originally communications between
automobiles, now extended to apply to communications between automobiles, now extended to apply to communications between
vehicles generally. Often, together with Vehicle-to- vehicles generally. Often, together with Vehicle-to-
Infrastructure (V2I) etc., generalized to V2X. Infrastructure (V2I) and similar functions, generalized to V2X.
VLOS VLOS
Visual Line Of Sight. Typically used in describing operation of a Visual Line Of Sight. Typically used in describing operation of a
UA by a "remote" pilot who can clearly directly (without video UA by a "remote" pilot who can clearly and directly (without video
cameras or any aids other than glasses or under some rules cameras or any aids other than glasses or, under some rules,
binoculars) see the UA and its immediate flight environment. binoculars) see the UA and its immediate flight environment.
Potentially subject to blockage by foliage, structures, terrain, Potentially subject to blockage by foliage, structures, terrain,
or other vehicles, more so than RF LOS. or other vehicles, more so than RF LOS.
3. UAS RID Problem Space 3. UAS RID Problem Space
CAAs worldwide are mandating UAS RID. The European Union Aviation CAAs worldwide are mandating UAS RID. The European Union Aviation
Safety Agency (EASA) has published [Delegated] and [Implementing] Safety Agency (EASA) has published [Delegated] and [Implementing]
Regulations. The US FAA has published a "final" rule [FRUR] and has regulations. The US FAA has published a "final" rule [FRUR] and has
described the key role that UAS RID plays in UAS Traffic Management described the key role that UAS RID plays in UAS Traffic Management
(UTM) in [FAACONOPS] (especially Section 2.6). CAAs currently (2021) (UTM) in [FAACONOPS] (especially Section 2.6). At the time of
promulgate performance-based regulations that do not specify writing, CAAs promulgate performance-based regulations that do not
techniques, but rather cite industry consensus technical standards as specify techniques but rather cite industry consensus technical
acceptable means of compliance. standards as acceptable means of compliance.
The most widely cited such industry consensus technical standard for The most widely cited such industry consensus technical standard for
UAS RID is [F3411-19], which defines two means of UAS RID: UAS RID is [F3411-19], which defines two means of UAS RID:
Network RID defines a set of information for UAS to make available * Network RID defines a set of information for UAS to make available
globally indirectly via the Internet, through servers that can be globally indirectly via the Internet, through servers that can be
queried by Observers. queried by Observers.
Broadcast RID defines a set of messages for UA to transmit locally * Broadcast RID defines a set of messages for UA to transmit locally
directly one-way over Bluetooth or Wi-Fi (without IP or any other directly one-way over Bluetooth or Wi-Fi (without IP or any other
protocols between the data link and application layers), to be protocols between the data link and application layers), to be
received in real time by local Observers. received in real time by local Observers.
UAS using both means must send the same UAS RID application layer UAS using both means must send the same UAS RID application-layer
information via each [F3411-19]. The presentation may differ, as information via each [F3411-19]. The presentation may differ, as
Network RID defines a data dictionary, whereas Broadcast RID defines Network RID defines a data dictionary, whereas Broadcast RID defines
message formats (which carry items from that same data dictionary). message formats (which carry items from that same data dictionary).
The interval (or rate) at which it is sent may differ, as Network RID The interval (or rate) at which it is sent may differ, as Network RID
can accommodate Observer queries asynchronous to UAS updates (which can accommodate Observer queries asynchronous to UAS updates (which
generally need be sent only when information, such as location, generally need be sent only when information, such as location,
changes), whereas Broadcast RID depends upon Observers receiving UA changes), whereas Broadcast RID depends upon Observers receiving UA
messages at the time they are transmitted. messages at the time they are transmitted.
Network RID depends upon Internet connectivity in several segments Network RID depends upon Internet connectivity in several segments
from the UAS to each Observer. Broadcast RID should need Internet from the UAS to each Observer. Broadcast RID should need Internet
(or other Wide Area Network) connectivity only to retrieve UAS (or other Wide Area Network) connectivity only to retrieve registry
registry information using the directly locally received UAS information, using, as the primary unique key for database lookup,
Identifier (UAS ID) as the primary unique key for database lookup. the UAS Identifier (UAS ID) that was directly locally received.
Broadcast RID does not assume IP connectivity of UAS; messages are Broadcast RID does not assume IP connectivity of UAS; messages are
encapsulated by the UA _without IP_, directly in link layer frames encapsulated by the UA _without IP_, directly in link-layer frames
(Bluetooth 4, Bluetooth 5, Wi-Fi NAN, IEEE 802.11 Beacon, or in the (Bluetooth 4, Bluetooth 5, Wi-Fi NAN, IEEE 802.11 Beacon, or perhaps
future perhaps others). others in the future).
[F3411-19] specifies three UAS ID Type values and its currently [F3411-19] specifies three ID Type values, and its proposed revision
(August 2021) proposed revision adds a fourth: (at the time of writing) adds a fourth:
1 A static, manufacturer assigned, hardware serial number as defined 1 A static, manufacturer-assigned, hardware serial number as defined
in ANSI/CTA-2063-A "Small Unmanned Aerial System Serial Numbers" in "Small Unmanned Aerial Systems Serial Numbers" [CTA2063A].
[CTA2063A].
2 A CAA assigned (generally static) ID, like the registration number 2 A CAA-assigned (generally static) ID, like the registration number
of a manned aircraft. of a manned aircraft.
3 A UTM system assigned UUID [RFC4122], which can but need not be 3 A UTM-system-assigned Universally Unique Identifier (UUID)
dynamic. [RFC4122], which can but need not be dynamic.
4 A Specific Session ID, of any of an 8 bit range of subtypes 4 A Specific Session ID, of any of an 8-bit range of subtypes
defined external to ASTM and registered with ICAO, for which defined external to ASTM and registered with ICAO, for which
subtype 1 has been reserved by ASTM for the DRIP entity ID. subtype 1 has been reserved by ASTM for the DRIP entity ID.
Per [Delegated], the EU allows only UAS ID Type 1. Under [FRUR], the Per [Delegated], the EU allows only ID Type 1. Under [FRUR], the US
US allows types 1 and 3. [NPRM] proposed that a type 3 "Session ID" allows ID Type 1 and ID Type 3. [NPRM] proposed that a "Session ID"
would be "e.g., a randomly-generated alphanumeric code assigned by a would be "e.g., a randomly-generated alphanumeric code assigned by a
Remote ID UAS Service Supplier (USS) on a per-flight basis designed Remote ID UAS Service Supplier (USS) on a per-flight basis designed
to provide additional privacy to the operator", but given the to provide additional privacy to the operator", but given the
omission of Network RID from [FRUR], how this is to be assigned in omission of Network RID from [FRUR], how this is to be assigned in
the US is still to be determined. the US is still to be determined.
As yet apparently there are no CAA public proposals to use UAS ID As yet, there are apparently no CAA public proposals to use ID Type
Type 2. In the preamble of [FRUR], the FAA argues that registration 2. In the preamble of [FRUR], the FAA argues that registration
numbers should not be sent in RID, insists that the capability of numbers should not be sent in RID, insists that the capability of
looking up registration numbers from information contained in RID looking up registration numbers from information contained in RID
should be restricted to FAA and other Government agencies, and should be restricted to FAA and other Government agencies, and
implies that Session ID would be linked to the registration number implies that Session ID would be linked to the registration number
only indirectly via the serial number in the registration database. only indirectly via the serial number in the registration database.
The possibility of cryptographically blinding registration numbers, The possibility of cryptographically blinding registration numbers,
such that they can be revealed under specified circumstances, does such that they can be revealed under specified circumstances, does
not appear to be mentioned in applicable regulations or external not appear to be mentioned in applicable regulations or external
technical standards. technical standards.
Under [Delegated], the EU also requires an operator registration Per [Delegated], the EU also requires an operator registration number
number (an additional identifier distinct from the UAS ID) that can (an additional identifier distinct from the UAS ID) that can be
be carried in an [F3411-19] optional Operator ID message. carried in an [F3411-19] optional Operator ID Message.
[FRUR] allows RID requirements to be met by either the UA itself, [FRUR] allows RID requirements to be met either by the UA itself,
which is then designated a "standard remote identification unmanned which is then designated a "standard remote identification unmanned
aircraft", or by an add-on "remote identification broadcast module". aircraft", or by an add-on "remote identification broadcast module".
Relative to a standard RID UA, the different requirements for a The requirements for a module are different than for a standard RID
module are that the latter: must transmit its own serial number UA. The module:
(neither the serial number of the UA to which it is attached, nor a
Session ID); must transmit takeoff location as a proxy for the * must transmit its own serial number (neither the serial number of
location of the pilot/GCS; need not transmit UA emergency status; and the UA to which it is attached, nor a Session ID),
is allowed to be used only for operations within VLOS of the remote
pilot. * must transmit takeoff location as a proxy for the location of the
pilot/GCS,
* need not transmit UA emergency status, and
* is allowed to be used only for operations within VLOS of the
Remote Pilot.
Jurisdictions may relax or waive RID requirements for certain Jurisdictions may relax or waive RID requirements for certain
operators and/or under certain conditions. For example, [FRUR] operators and/or under certain conditions. For example, [FRUR]
allows operators with UAS not equipped for RID to conduct VLOS allows operators with UAS not equipped for RID to conduct VLOS
operations at counter-intuitively named "FAA-recognized operations at counterintuitively named "FAA-Recognized Identification
identification areas" (FRIA); radio controlled model aircraft flying Areas (FRIAs)"; radio-controlled model aircraft flying clubs and
clubs and other eligible organizations can apply to the FAA for such other eligible organizations can apply to the FAA for such
recognition of their operating areas. recognition of their operating areas.
3.1. Network RID 3.1. Network RID
Figure 3 illustrates Network RID information flows. Only two of the
three typically wireless links shown involving the UAS (UA-GCS, UA-
Internet, and GCS-Internet) need exist to support C2 and Network RID.
All three may exist, at the same or different times, especially in
BVLOS operations. There must be at least one information flow path
(direct or indirect) between the GCS and the UA, for the former to
exercise C2 over the latter. If this path is two-way (as
increasingly it is, even for inexpensive small UAS), the UA will also
send its status (and position, if suitably equipped, e.g., with GNSS)
to the GCS. There also must be a path between at least one subsystem
of the UAS (UA or GCS) and the Internet, for the former to send
status and position updates to its USS (serving inter alia as a Net-
RID SP).
+-------------+ ****************** +-------------+ ******************
| UA | * Internet * | UA | * Internet *
+--o-------o--+ * * +--o-------o--+ * *
| | * * | | * *
| | * * +------------+ | | * * +------------+
| '--------*--(+)-----------*-----o | | '--------*--(+)-----------*-----o |
| * | * | | | * | * | |
| .--------*--(+)-----------*-----o NET-Rid SP | | .--------*--(+)-----------*-----o Net-RID SP |
| | * * | | | | * * | |
| | * .------*-----o | | | * .------*-----o |
| | * | * +------------+ | | * | * +------------+
| | * | * | | * | *
| | * | * +------------+ | | * | * +------------+
| | * '------*-----o | | | * '------*-----o |
| | * * | NET-Rid DP | | | * * | Net-RID DP |
| | * .------*-----o | | | * .------*-----o |
| | * | * +------------+ | | * | * +------------+
| | * | * | | * | *
| | * | * +------------+ | | * | * +------------+
+--o-------o--+ * '------*-----o Observer's | +--o-------o--+ * '------*-----o Observer's |
| GCS | * * | Device | | GCS | * * | Device |
+-------------+ ****************** +------------+ +-------------+ ****************** +------------+
Figure 3: "Network RID Information Flow" Figure 3: Network RID Information Flow
Figure 3 illustrates Network RID information flows. Only two of the
three typically wireless links shown involving the UAS (UA-GCS, UA-
Internet, and GCS-Internet) need exist to support C2 and Network RID.
All three may exist, at the same or different times, especially in
BVLOS operations. There must be some information flow path (direct
or indirect) between the GCS and the UA, for the former to exercise
C2 over the latter. If this path is two-way (as increasingly it is,
even for inexpensive small UAS), the UA will also send its status
(and position, if suitably equipped, e.g., with GNSS) to the GCS.
There also must be some path between at least one subsystem of the
UAS (UA or GCS) and the Internet, for the former to send status and
position updates to its USS (serving _inter alia_ as a Net-RID SP).
Direct UA-Internet wireless links are expected to become more common, Direct UA-Internet wireless links are expected to become more common,
especially on larger UAS, but currently (2021) are rare. Instead, especially on larger UAS, but, at the time of writing, they are rare.
the RID data flow typically originates on the UA and passes through Instead, the RID data flow typically originates on the UA and passes
the GCS, or originates on the GCS. Network RID data makes three through the GCS, or it originates on the GCS. Network RID data makes
trips through the Internet (GCS-SP, SP-DP, DP-Observer, unless any of three trips through the Internet (GCS-SP, SP-DP, DP-Observer, unless
them are colocated), implying use of IP (and other middle layer any of them are colocated), implying use of IP (and other middle-
protocols, e.g., TLS/TCP or DTLS/UDP) on those trips. IP is not layer protocols, e.g., TLS/TCP or DTLS/UDP) on those trips. IP is
necessarily used or supported on the UA-GCS link (if indeed that not necessarily used or supported on the UA-GCS link (if indeed that
direct link exists, as it typically does now, but in BVLOS operations direct link exists, as it typically does now, but in BVLOS operations
often will not). often will not).
Network RID is publish-subscribe-query. In the UTM context: Network RID is publish-subscribe-query. In the UTM context:
1. The UAS operator pushes an "operational intent" (the current term 1. The UAS operator pushes an "operational intent" (the current term
in UTM corresponding to a flight plan in manned aviation) to the in UTM corresponding to a flight plan in manned aviation) to the
USS (call it USS#1) that will serve that UAS (call it UAS#1) for USS (call it USS#1) that will serve that UAS (call it UAS#1) for
that operation, primarily to enable deconfliction with other that operation, primarily to enable deconfliction with other
operations potentially impinging upon that operation's 4-D operations potentially impinging upon that operation's 4-D
airspace volume (call it Volume#1). airspace volume (call it Volume#1).
2. Assuming the operation is approved and commences, UAS#1 2. Assuming the operation is approved and commences, UAS#1
periodically pushes location/status updates to USS#1, which periodically pushes location/status updates to USS#1, which
serves _inter alia_ as the Network RID Service Provider (Net-RID serves inter alia as the Network RID Service Provider (Net-RID
SP) for that operation. SP) for that operation.
3. When users of any other USS (whether they be other UAS operators 3. When users of any other USS (whether they be other UAS operators
or Observers) develop an interest in any 4-D airspace volume or Observers) develop an interest in any 4-D airspace volume
(e.g., because they wish to submit an operational intent or (e.g., because they wish to submit an operational intent or
because they have observed a UA), they query their own USS on the because they have observed a UA), they query their own USS on the
volumes in which they are interested. volumes in which they are interested.
4. Their USS query, via the UTM Discovery and Synchronization 4. Their USS query, via the UTM Discovery and Synchronization
Service (DSS), all other USS in the UTM system, and learn of any Service (DSS), all other USS in the UTM system and learn of any
USS that have operations in those volumes (including any volumes USS that have operations in those volumes (including any volumes
intersecting them); thus those USS whose query volumes intersect intersecting them); thus, those USS whose query volumes intersect
Volume#1 (call them USS#2 through USS#n) learn that USS#1 has Volume#1 (call them USS#2 through USS#n) learn that USS#1 has
such operations. such operations.
5. Interested parties can then subscribe to track updates on that 5. Interested parties can then subscribe to track updates on that
operation of UAS#1, via their own USS, which serve as Network RID operation of UAS#1, via their own USS, which serve as Network RID
Display Providers (Net-RID DP) for that operation. Display Providers (Net-RID DPs) for that operation.
6. USS#1 (as Net-RID SP) will then publish updates of UAS#1 status 6. USS#1 (as Net-RID SP) will then publish updates of UAS#1 status
and position to all other subscribed USS in USS#2 through USS#n and position to all other subscribed USS in USS#2 through USS#n
(as Net-RID DP). (as Net-RID DP).
7. All Net-RID DP subscribed to that operation of UAS#1 will deliver 7. All Net-RID DP subscribed to that operation of UAS#1 will deliver
its track information to their users who subscribed to that its track information to their users who subscribed to that
operation of UAS#1 (via means unspecified by [F3411-19] etc., but operation of UAS#1 (via means unspecified by [F3411-19], etc.,
generally presumed to be web browser based). but generally presumed to be web browser based).
Network RID has several connectivity scenarios: Network RID has several connectivity scenarios:
_Persistently Internet connected UA_ can consistently directly * _Persistently Internet-connected UA_ can consistently directly
source RID information; this requires wireless coverage throughout source RID information; this requires wireless coverage throughout
the intended operational airspace volume, plus a buffer (e.g., the intended operational airspace volume, plus a buffer (e.g.,
winds may drive the UA out of the volume). winds may drive the UA out of the volume).
_Intermittently Internet connected UA_, can usually directly * _Intermittently Internet-connected UA_, can usually directly
source RID information, but when offline (e.g., due to signal source RID information, but when offline (e.g., due to signal
blockage by a large structure being inspected using the UAS), need blockage by a large structure being inspected using the UAS), need
the GCS to proxy source RID information. the GCS to proxy source RID information.
_Indirectly connected UA_ lack the ability to send IP packets that * _Indirectly connected UA_ lack the ability to send IP packets that
will be forwarded into and across the Internet, but instead have will be forwarded into and across the Internet but instead have
some other form of communications to another node that can relay some other form of communications to another node that can relay
or proxy RID information to the Internet; typically this node or proxy RID information to the Internet; typically, this node
would be the GCS (which to perform its function must know where would be the GCS (which to perform its function must know where
the UA is, although C2 link outages do occur). the UA is, although C2 link outages do occur).
_Non-connected UA_ have no means of sourcing RID information, in * _Non-connected UA_ have no means of sourcing RID information, in
which case the GCS or some other interface available to the which case the GCS or some other interface available to the
operator must source it. In the extreme case, this could be the operator must source it. In the extreme case, this could be the
pilot or other agent of the operator using a web browser/ pilot or other agent of the operator using a web browser or
application to designate, to a USS or other UTM entity, a time- application to designate, to a USS or other UTM entity, a time-
bounded airspace volume in which an operation will be conducted. bounded airspace volume in which an operation will be conducted.
This is referred to as a "non-equipped network participant" This is referred to as a "non-equipped network participant"
engaging in "area operations". This may impede disambiguation of engaging in "area operations". This may impede disambiguation of
ID if multiple UAS operate in the same or overlapping 4-D volumes. ID if multiple UAS operate in the same or overlapping 4-D volumes.
In most airspace volumes, most classes of UA will not be permitted In most airspace volumes, most classes of UA will not be permitted
to fly if non-connected. to fly if non-connected.
In most cases in the near term (2021), the Network RID first hop data In most cases in the near term (2021), the Network RID first-hop data
link is likely to be cellular, which can also support BVLOS C2 over link is likely to be either cellular (which can also support BVLOS C2
existing large coverage areas, or Wi-Fi, which can also support over existing large coverage areas) or Wi-Fi (which can also support
Broadcast RID. However, provided the data link can support at least Broadcast RID). However, provided the data link can support at least
UDP/IP and ideally also TCP/IP, its type is generally immaterial to UDP/IP and ideally also TCP/IP, its type is generally immaterial to
higher layer protocols. The UAS, as the ultimate source of Network higher-layer protocols. The UAS, as the ultimate source of Network
RID information, feeds a Net-RID SP (typically the USS to which the RID information, feeds a Net-RID SP (typically the USS to which the
UAS operator subscribes), which proxies for the UAS and other data UAS operator subscribes), which proxies for the UAS and other data
sources. An Observer or other ultimate consumer of Network RID sources. An Observer or other ultimate consumer of Network RID
information obtains it from a Net-RID DP (also typically a USS), information obtains it from a Net-RID DP (also typically a USS),
which aggregates information from multiple Net-RID SPs to offer which aggregates information from multiple Net-RID SPs to offer
airspace Situational Awareness (SA) coverage of a volume of interest. airspace Situational Awareness (SA) coverage of a volume of interest.
Network RID Service and Display Providers are expected to be
Network RID Service and Display providers are expected to be
implemented as servers in well-connected infrastructure, implemented as servers in well-connected infrastructure,
communicating with each other via the Internet, and accessible by communicating with each other via the Internet and accessible by
Observers via means such as web Application Programming Interfaces Observers via means such as web Application Programming Interfaces
(APIs) and browsers. (APIs) and browsers.
Network RID is the less constrained of the defined UAS RID means. Network RID is the less constrained of the defined means of UAS RID.
[F3411-19] specifies only Net-RID SP to Net-RID DP information [F3411-19] only specifies information exchanges from Net-RID SP to
exchanges. It is presumed that IETF efforts supporting the more Net-RID DP. It is presumed that IETF efforts supporting the more
constrained Broadcast RID (see next section) can be generalized for constrained Broadcast RID (see next section) can be generalized for
Network RID and potentially also for UAS to USS or other UTM Network RID and potentially also for UAS-to-USS or other UTM
communications. communications.
3.2. Broadcast RID 3.2. Broadcast RID
Figure 4 illustrates the Broadcast RID information flow. Note the
absence of the Internet from the figure. This is because Broadcast
RID is one-way direct transmission of application-layer messages over
an RF data link (without IP) from the UA to local Observer devices.
Internet connectivity is involved only in what the Observer chooses
to do with the information received, such as verify signatures using
a web-based Broadcast Authentication Verifier Service and look up
information in registries using the UAS ID as the primary unique key.
+-------------------+ +-------------------+
| Unmanned Aircraft | | Unmanned Aircraft |
+---------o---------+ +---------o---------+
| |
| |
| |
| app messages directly over one-way RF data link | app messages directly over one-way RF data link
| |
| |
v v
+------------------o-------------------+ +------------------o-------------------+
| Observer's device (e.g., smartphone) | | Observer's device (e.g., smartphone) |
+--------------------------------------+ +--------------------------------------+
Figure 4: "Broadcast RID Information Flow" Figure 4: Broadcast RID Information Flow
Figure 4 illustrates Broadcast RID information flow. Note the
absence of the Internet from the figure. This is because Broadcast
RID is one-way direct transmission of application layer messages over
a RF data link (without IP) from the UA to local Observer devices.
Internet connectivity is involved only in what the Observer chooses
to do with the information received, such as verify signatures using
a web-based Broadcast Authentication Verifier Service and look up
information in registries using the UAS ID as the primary unique key.
Broadcast RID is conceptually similar to Automatic Dependent Broadcast RID is conceptually similar to Automatic Dependent
Surveillance - Broadcast (ADS-B). However, for various technical and Surveillance - Broadcast (ADS-B). However, for various technical and
other reasons, regulators including the EASA have not indicated other reasons, regulators including the EASA have not indicated
intent to allow, and FAA has explicitly prohibited, use of ADS-B for intent to allow, and FAA has explicitly prohibited, use of ADS-B for
UAS RID. UAS RID.
[F3411-19] specifies four Broadcast RID data links: Bluetooth 4.x, [F3411-19] specifies four Broadcast RID data links: Bluetooth 4.x,
Bluetooth 5.x with Extended Advertisements and Long Range Coded PHY Bluetooth 5.x with Extended Advertisements and Long-Range Coded PHY
(S=8), Wi-Fi NAN at 2.4 GHz, and Wi-Fi NAN at 5 GHz. A UA must (S=8), Wi-Fi NAN at 2.4 GHz, and Wi-Fi NAN at 5 GHz. A UA must
broadcast (using advertisement mechanisms where no other option broadcast (using advertisement mechanisms where no other option
supports broadcast) on at least one of these. If sending on supports broadcast) on at least one of these. If sending on
Bluetooth 5.x, it is also required concurrently to do so on 4.x Bluetooth 5.x, it is required to do so concurrently on 4.x (referred
(referred to in [F3411-19] as Bluetooth Legacy); current (2021) to in [F3411-19] as "Bluetooth Legacy"); current (2021) discussions
discussions in ASTM F38.02 on revising the standard, motivated by in ASTM F38.02 on revising [F3411-19], motivated by drafts of
European standards drafts, suggest that both Bluetooth versions will European standards, suggest that both Bluetooth versions will be
be required. If broadcasting Wi-Fi NAN at 5 GHz, it is also required required. If broadcasting Wi-Fi NAN at 5 GHz, it is required to do
concurrently to do so at 2.4 GHz; current discussions in F38.02 so concurrently at 2.4 GHz; current discussions in ASTM F38.02
include relaxing this. Wi-Fi Beacons are also under consideration. include relaxing this. Wi-Fi Beacons are also under consideration.
Future revisions of [F3411-19] may allow other data links. Future revisions of [F3411-19] may allow other data links.
The selection of the Broadcast media was driven by research into what The selection of Broadcast RID media was driven by research into what
is commonly available on 'ground' units (smartphones and tablets) and is commonly available on "ground" units (smartphones and tablets) and
what was found as prevalent or 'affordable' in UA. Further, there what was found as prevalent or "affordable" in UA. Further, there
must be an API for the Observer's receiving application to have must be an API for the Observer's receiving application to have
access to these messages. As yet only Bluetooth 4.x support is access to these messages. As yet, only Bluetooth 4.x support is
readily available, thus the current focus is on working within the 31 readily available; thus, the current focus is on working within the
byte payload limit of the Bluetooth 4.x "Broadcast Frame" transmitted 31-byte payload limit of the Bluetooth 4.x "Broadcast Frame"
as an "advertisement" on beacon channels. After overheads, this transmitted as an "advertisement" on beacon channels. After
limits the RID message to 25 bytes and UAS ID string to a maximum overheads, this limits the RID message to 25 bytes and the UAS ID
length of 20 bytes. string to a maximum length of 20 bytes.
Length constraints also preclude a single Bluetooth 4.x frame A single Bluetooth 4.x advertisement frame can just barely fit any
carrying not only the UAS ID but also position, velocity, and other UAS ID long enough to be sufficiently unique for its purpose.
information that should be bound to the UAS ID, much less strong
authentication data. Messages that cannot be encapsulated in a There is related information, which especially includes, but is not
single frame (thus far, only the Authentication Message) must be limited to, the UA position and velocity, which must be represented
segmented into message "pages" (in the terminology of [F3411-19]). by data elements long enough to provide precision sufficient for
Message pages must somehow be correlated as belonging to the same their purpose while remaining unambiguous with respect to their
message. Messages carrying position, velocity and other data must reference frame.
somehow be correlated with the Basic ID message that carries the UAS
ID. This correlation is expected to be done on the basis of MAC In order to enable Observer devices to verify that 1) the claimed UAS
address: this may be complicated by MAC address randomization; not ID is indeed owned by the sender and 2) the related information was
indeed sent by the owner of that same UAS ID, authentication data
elements would typically be lengthy with conventional cryptographic
signature schemes. They would be too long to fit in a single frame,
even with the latest schemes currently being standardized.
Thus, it is infeasible to bundle information related to the UAS ID
and corresponding authentication data elements in a single Bluetooth
4.x frame; yet, somehow all these must be securely bound together.
Messages that cannot be encapsulated in a single frame (thus far,
only the Authentication Message) must be segmented into message
"pages" (in the terminology of [F3411-19]). Message pages must
somehow be correlated as belonging to the same message. Messages
carrying position, velocity and other data must somehow be correlated
with the Basic ID Message that carries the UAS ID. This correlation
is expected to be done on the basis of Media Access Control (MAC)
address. This may be complicated by MAC address randomization. Not
all the common devices expected to be used by Observers have APIs all the common devices expected to be used by Observers have APIs
that make sender MAC addresses available to user space receiver that make sender MAC addresses available to user space receiver
applications; and MAC addresses are easily spoofed. Data elements applications. MAC addresses are easily spoofed. Data elements are
are not so detached on other media (see Message Pack in the paragraph not so detached on other media (see Message Pack in the paragraph
after next). after next).
[F3411-19] Broadcast RID specifies several message types. The 4 bit [F3411-19] Broadcast RID specifies several message types (see
message type field in the header can index up to 16 types. Only 7 Section 5.4.5 and Table 3 of [F3411-19]). The table below lists
are currently defined. Only 2 are mandatory. All others are these message types. The 4-bit Message Type field in the header can
optional, unless required by a jurisdictional authority, e.g., a CAA. index up to 16 types. Only seven are defined at the time of writing.
To satisfy both EASA and FAA rules, all types are needed, except Only two are mandatory. All others are optional, unless required by
Self-ID and Authentication, as the data elements required by the a jurisdictional authority, e.g., a CAA. To satisfy both EASA and
rules are scattered across several message types (along with some FAA rules, all types are needed, except Self-ID and Authentication,
data elements not required by the rules). as the data elements required by the rules are scattered across
several message types (along with some data elements not required by
the rules).
The Message Pack (type 0xF) is not actually a message, but the framed The Message Pack (type 0xF) is not actually a message but the framed
concatenation of at most one message of each type of any subset of concatenation of at most one message of each type of any subset of
the other types, in type index order. Some of the messages that it the other types, in type index order. Some of the messages that it
can encapsulate are mandatory, others optional. The Message Pack can encapsulate are mandatory; others are optional. The Message Pack
itself is mandatory on data links that can encapsulate it in a single itself is mandatory on data links that can encapsulate it in a single
frame (Bluetooth 5.x and Wi-Fi). frame (Bluetooth 5.x and Wi-Fi).
+-----------------------+-----------------+-----------+-----------+ +-------+-----------------+-----------+---------------+
| Index | Name | Req | Notes | | Index | Name | Req | Notes |
+-----------------------+-----------------+-----------+-----------+ +-------+-----------------+-----------+---------------+
| 0x0 | Basic ID | Mandatory | - | | 0x0 | Basic ID | Mandatory | - |
+-----------------------+-----------------+-----------+-----------+ +-------+-----------------+-----------+---------------+
| 0x1 | Location/Vector | Mandatory | - | | 0x1 | Location/Vector | Mandatory | - |
+-----------------------+-----------------+-----------+-----------+ +-------+-----------------+-----------+---------------+
| 0x2 | Authentication | Optional | paged | | 0x2 | Authentication | Optional | paged |
+-----------------------+-----------------+-----------+-----------+ +-------+-----------------+-----------+---------------+
| 0x3 | Self-ID | Optional | free text | | 0x3 | Self-ID | Optional | free text |
+-----------------------+-----------------+-----------+-----------+ +-------+-----------------+-----------+---------------+
| 0x4 | System | Optional | - | | 0x4 | System | Optional | - |
+-----------------------+-----------------+-----------+-----------+ +-------+-----------------+-----------+---------------+
| 0x5 | Operator | Optional | - | | 0x5 | Operator ID | Optional | - |
+-----------------------+-----------------+-----------+-----------+ +-------+-----------------+-----------+---------------+
| 0xF | Message Pack | - | BT5 and | | 0xF | Message Pack | - | BT5 and Wi-Fi |
| | | | Wi-Fi | +-------+-----------------+-----------+---------------+
+-----------------------+-----------------+-----------+-----------+
| See Section 5.4.5 and | - | - | - |
| Table 3 of [F3411-19] | | | |
+-----------------------+-----------------+-----------+-----------+
Table 1: F3411-19 Message Types Table 1: Message Types Defined in [F3411-19]
[F3411-19] Broadcast RID specifies very few quantitative performance [F3411-19] Broadcast RID specifies very few quantitative performance
requirements: static information must be transmitted at least once requirements: static information must be transmitted at least once
per 3 seconds; dynamic information (the Location/Vector message) must per three seconds, and dynamic information (the Location/Vector
be transmitted at least once per second and be no older than one Message) must be transmitted at least once per second and be no older
second when sent. [FRUR] requires all information be sent at least than one second when sent. [FRUR] requires all information be sent
once per second. at least once per second.
[F3411-19] Broadcast RID transmits all information as cleartext [F3411-19] Broadcast RID transmits all information as cleartext
(ASCII or binary), so static IDs enable trivial correlation of (ASCII or binary), so static IDs enable trivial correlation of
patterns of use, unacceptable in many applications, e.g., package patterns of use, which is unacceptable in many applications, e.g.,
delivery routes of competitors. package delivery routes of competitors.
Any UA can assert any ID using the [F3411-19] required Basic ID Any UA can assert any ID using the [F3411-19] required Basic ID
message, which lacks any provisions for verification. The Position/ Message, which lacks any provisions for verification. The Location/
Vector message likewise lacks provisions for verification, and does Vector Message likewise lacks provisions for verification and does
not contain the ID, so must be correlated somehow with a Basic ID not contain the ID, so it must be correlated somehow with a Basic ID
message: the developers of [F3411-19] have suggested using the MAC Message: the developers of [F3411-19] have suggested using the MAC
addresses on the Broadcast RID data link, but these may be randomized addresses on the Broadcast RID data link, but these may be randomized
by the operating system stack to avoid the adversarial correlation by the operating system stack to avoid the adversarial correlation
problems of static identifiers. problems of static identifiers.
The [F3411-19] optional Authentication Message specifies framing for The [F3411-19] optional Authentication Message specifies framing for
authentication data, but does not specify any authentication method, authentication data but does not specify any authentication method,
and the maximum length of the specified framing is too short for and the maximum length of the specified framing is too short for
conventional digital signatures and far too short for conventional conventional digital signatures and far too short for conventional
certificates (e.g., X.509). Fetching certificates via the Internet certificates (e.g., X.509). Fetching certificates via the Internet
is not always possible (e.g., Observers working in remote areas, such is not always possible (e.g., Observers working in remote areas, such
as national forests), so devising a scheme whereby certificates can as national forests), so devising a scheme whereby certificates can
be transported over Broadcast RID is necessary. The one-way nature be transported over Broadcast RID is necessary. The one-way nature
of Broadcast RID precludes challenge-response security protocols of Broadcast RID precludes challenge-response security protocols
(e.g., Observers sending nonces to UA, to be returned in signed (e.g., Observers sending nonces to UA, to be returned in signed
messages). Without DRIP extensions to [F3411-19], an Observer would messages). Without DRIP extensions to [F3411-19], an Observer would
be seriously challenged to validate the asserted UAS ID or any other be seriously challenged to validate the asserted UAS ID or any other
information about the UAS or its operator looked up therefrom. information about the UAS or its operator looked up therefrom.
In the currently (2021) proposed revision to ASTM [F3411-19], a new At the time of writing, the proposed revision of [F3411-19] defines a
Authentication Type 5 has been defined, "Specific Authentication new Authentication Type 5 ("Specific Authentication Method (SAM)") to
Method" (SAM), to enable SDOs other than ASTM to define enable SDOs other than ASTM to define authentication payload formats.
authentication payload formats. The first byte of the payload is the The first byte of the payload is the SAM Type, used to demultiplex
SAM Type, used to demultiplex such variant formats. All formats for such variant formats. All formats (aside from those for private
other than private experimental use must be registered with ICAO, experimental use) must be registered with ICAO, which assigns the SAM
which assigns the SAM Type. Any authentication message payload that Type. Any Authentication Message payload that is to be sent in
is to be sent in exactly the same form over all currently specified exactly the same form over all currently specified Broadcast RID
Broadcast RID media is limited by lower layer constraints to a total media is limited by lower-layer constraints to a total length of 201
length of 201 bytes. For Authentication Type 5, expected to be used bytes. For Authentication Type 5, which is expected to be used by
by DRIP, the SAM Type byte consumes the first of these, limiting DRIP DRIP, the SAM Type byte consumes the first of these, limiting DRIP
authentication payload formats to a maximum of 200 bytes. authentication payload formats to a maximum of 200 bytes.
3.3. USS in UTM and RID 3.3. USS in UTM and RID
UAS RID and UTM are complementary; Network RID is a UTM service. The UAS RID and UTM are complementary; Network RID is a UTM service. The
backbone of the UTM system is comprised of multiple USS: one or backbone of the UTM system is comprised of multiple USS: one or
several per jurisdiction; some limited to a single jurisdiction, several per jurisdiction with some being limited to a single
others spanning multiple jurisdictions. USS also serve as the jurisdiction while others span multiple jurisdictions. USS also
principal or perhaps the sole interface for operators and UAS into serve as the principal, or perhaps the sole, interface for operators
the UTM environment. Each operator subscribes to at least one USS. and UAS into the UTM environment. Each operator subscribes to at
Each UAS is registered by its operator in at least one USS. Each least one USS. Each UAS is registered by its operator in at least
operational intent is submitted to one USS; if approved, that UAS and one USS. Each operational intent is submitted to one USS; if
operator can commence that operation. During the operation, status approved, that UAS and operator can commence that operation. During
and location of that UAS must be reported to that USS, which in turn the operation, status and location of that UAS must be reported to
provides information as needed about that operator, UAS, and that USS, which, in turn, provides information as needed about that
operation into the UTM system and to Observers via Network RID. operator, UAS, and operation into the UTM system and to Observers via
Network RID.
USS provide services not limited to Network RID; indeed, the primary USS provide services not limited to Network RID; indeed, the primary
USS function is deconfliction of airspace usage by different UAS and USS function is deconfliction of airspace usage between different UAS
other (e.g., manned aircraft, rocket launch) operations. Most (and their operators). It will occasionally deconflict UAS from non-
UAS operations, such as manned aircraft and rocket launch. Most
deconfliction involving a given operation is hoped to be completed deconfliction involving a given operation is hoped to be completed
prior to commencing that operation, and is called "strategic prior to commencing that operation; this is called "strategic
deconfliction". If that fails, "tactical deconfliction" comes into deconfliction". If that fails, "tactical deconfliction" comes into
play; ABDAA may not involve USS, but GBDAA likely will. Dynamic play; AirBorne DAA (ABDAA) may not involve USS, but Ground-Based DAA
constraints, formerly called UAS Volume Restrictions (UVR), can be (GBDAA) likely will. Dynamic constraints, formerly called "UAS
necessitated by local emergencies, extreme weather, etc., specified Volume Restrictions (UVRs)", can be necessitated by circumstances
by authorities on the ground, and propagated in UTM. such as local emergencies and extreme weather, specified by
authorities on the ground, and propagated in UTM.
No role for USS in Broadcast RID is currently specified by regulators No role for USS in Broadcast RID is currently specified by regulators
or [F3411-19]. However, USS are likely to serve as registries (or or by [F3411-19]. However, USS are likely to serve as registries (or
perhaps registrars) for UAS (and perhaps operators); if so, USS will perhaps registrars) for UAS (and perhaps operators); if so, USS will
have a role in all forms of RID. Supplemental Data Service Providers have a role in all forms of RID. Supplemental Data Service Providers
(SDSP) are also likely to find roles, not only in UTM as such but (SDSPs) are also likely to find roles, not only in UTM as such but
also in enhancing UAS RID and related services. Whether USS, SDSP, also in enhancing UAS RID and related services. RID services are
etc. are involved or not, RID services, narrowly defined, provide used in concert with USS, SDSP, or other UTM entities (if and as
regulator specified identification information; more broadly defined, needed and available). Narrowly defined, RID services provide
regulator-specified identification information; more broadly defined,
RID services may leverage identification to facilitate related RID services may leverage identification to facilitate related
services or functions, likely beginning with V2X. services or functions, likely beginning with V2X.
3.4. DRIP Focus 3.4. DRIP Focus
In addition to the gaps described above, there is a fundamental gap In addition to the gaps described above, there is a fundamental gap
in almost all current or proposed regulations and technical standards in almost all current or proposed regulations and technical standards
for UAS RID. As noted above, ID is not an end in itself, but a for UAS RID. As noted above, ID is not an end in itself, but a
means. Protocols specified in [F3411-19] etc. provide limited means. Protocols specified in [F3411-19] etc. provide limited
information potentially enabling, and no technical means for, an information potentially enabling (but no technical means for) an
Observer to communicate with the pilot, e.g., to request further Observer to communicate with the pilot, e.g., to request further
information on the UAS operation or exit from an airspace volume in information on the UAS operation or exit from an airspace volume in
an emergency. The System Message provides the location of the pilot/ an emergency. The System Message provides the location of the pilot/
GCS, so an Observer could physically go to the asserted location to GCS, so an Observer could physically go to the asserted location to
look for the remote pilot; this is at best slow and may not be look for the Remote Pilot; this is slow, at best, and may not be
feasible. What if the pilot is on the opposite rim of a canyon, or feasible. What if the pilot is on the opposite rim of a canyon, or
there are multiple UAS operators to contact, whose GCS all lie in there are multiple UAS operators to contact whose GCS all lie in
different directions from the Observer? An Observer with Internet different directions from the Observer? An Observer with Internet
connectivity and access privileges could look up operator PII in a connectivity and access privileges could look up operator PII in a
registry, then call a phone number in hopes someone who can registry and then call a phone number in hopes that someone who can
immediately influence the UAS operation will answer promptly during immediately influence the UAS operation will answer promptly during
that operation; this is at best unreliable and may not be prudent. that operation; this is unreliable, at best, and may not be prudent.
Should pilots be encouraged to answer phone calls while flying? Should pilots be encouraged to answer phone calls while flying?
Internet technologies can do much better than this. Internet technologies can do much better than this.
Thus complementing [F3411-19] with protocols enabling strong Thus, to achieve widespread adoption of a RID system supporting safe
authentication, preserving operator privacy while enabling immediate and secure operation of UAS, protocols must do the following (despite
use of information by authorized parties, is critical to achieve the intrinsic tension among these objectives):
widespread adoption of a RID system supporting safe and secure
operation of UAS. Just as [F3411-19] is expected to be approved by * preserve operator privacy,
regulators as a basic means of compliance with UAS RID regulations,
DRIP is expected likewise to be approved to address further issues, * enable strong authentication, and
starting with the creation and registration of Session IDs.
* enable the immediate use of information by authorized parties.
Just as [F3411-19] is expected to be approved by regulators as a
basic means of compliance with UAS RID regulations, DRIP is likewise
expected to be approved to address further issues, starting with the
creation and registration of Session IDs.
DRIP will focus on making information obtained via UAS RID DRIP will focus on making information obtained via UAS RID
immediately usable: immediately usable:
1. by making it trustworthy (despite the severe constraints of 1. by making it trustworthy (despite the severe constraints of
Broadcast RID); Broadcast RID);
2. by enabling verification that a UAS is registered for RID, and if 2. by enabling verification that a UAS is registered for RID, and,
so, in which registry (for classification of trusted operators on if so, in which registry (for classification of trusted operators
the basis of known registry vetting, even by Observers lacking on the basis of known registry vetting, even by Observers lacking
Internet connectivity at observation time); Internet connectivity at observation time);
3. by facilitating independent reports of UA aeronautical data 3. by facilitating independent reports of UA aeronautical data
(location, velocity, etc.) to confirm or refute the operator (location, velocity, etc.) to confirm or refute the operator
self-reports upon which UAS RID and UTM tracking are based; self-reports upon which UAS RID and UTM tracking are based;
4. by enabling instant establishment, by authorized parties, of 4. by enabling instant establishment, by authorized parties, of
secure communications with the remote pilot. secure communications with the Remote Pilot.
The foregoing considerations, beyond those addressed by baseline UAS The foregoing considerations, beyond those addressed by baseline UAS
RID standards such as [F3411-19], imply the following requirements RID standards such as [F3411-19], imply the requirements for DRIP
for DRIP. detailed in Section 4.
4. Requirements 4. Requirements
The following requirements apply to DRIP as a set of related The following requirements apply to DRIP as a set of related
protocols, various subsets of which, in conjunction with other IETF protocols, various subsets of which, in conjunction with other IETF
and external technical standards, may suffice to comply with the and external technical standards, may suffice to comply with the
regulations in any given jurisdiction or meet any given user need. regulations in any given jurisdiction or meet any given user need.
It is not intended that each and every DRIP protocol alone satisfy It is not intended that each and every protocol of the DRIP set,
each and every requirement. To satisfy these requirements, Internet alone, satisfy each and every requirement. To satisfy these
connectivity is required some of the time: e.g., to support DRIP requirements, Internet connectivity is required some of the time
entity identifier creation/registration; but not all of the time, (e.g., to support DRIP Entity Identifier creation/registration) but
e.g., authentication of an asserted DRIP entity identifier can be not all of the time (e.g., authentication of an asserted DRIP Entity
achieved by a fully working and provisioned Observer device even when Identifier can be achieved by a fully working and provisioned
that device is off-line so is required at all times. Observer device even when that device is off-line so is required at
all times).
4.1. General 4.1. General
4.1.1. Normative Requirements 4.1.1. Normative Requirements
GEN-1 Provable Ownership: DRIP MUST enable verification that the GEN-1 Provable Ownership: DRIP MUST enable verification that the
asserted entity (typically UAS) ID is that of the actual asserted entity (typically UAS) ID is that of the actual
current sender (i.e., the entity ID in the DRIP authenticated current sender (i.e., the Entity ID in the DRIP
message set is not a replay attack or other spoof, e.g., by authenticated message set is not a replay attack or other
verifying an asymmetric cryptographic signature using a spoof), even on an Observer device lacking Internet
sender provided public key from which the asserted UAS ID can connectivity at the time of observation.
be at least partially derived), even on an Observer device
lacking Internet connectivity at the time of observation.
GEN-2 Provable Binding: DRIP MUST enable the cryptographic binding GEN-2 Provable Binding: DRIP MUST enable the cryptographic binding
of all other [F3411-19] messages from the same actual current of all other [F3411-19] messages from the same actual
sender to the UAS ID asserted in the Basic ID message. current sender to the UAS ID asserted in the Basic ID
Message.
GEN-3 Provable Registration: DRIP MUST enable cryptographically GEN-3 Provable Registration: DRIP MUST enable cryptographically
secure verification that the UAS ID is in a registry and secure verification that the UAS ID is in a registry and
identification of that registry, even on an Observer device identification of that registry, even on an Observer device
lacking Internet connectivity at the time of observation; the lacking Internet connectivity at the time of observation;
same sender may have multiple IDs, potentially in different the same sender may have multiple IDs, potentially in
registries, but each ID must clearly indicate in which different registries, but each ID must clearly indicate in
registry it can be found. which registry it can be found.
GEN-4 Readability: DRIP MUST enable information (regulation GEN-4 Readability: DRIP MUST enable information (regulation
required elements, whether sent via UAS RID or looked up in required elements, whether sent via UAS RID or looked up in
registries) to be read and utilized by both humans and registries) to be read and utilized by both humans and
software. software.
GEN-5 Gateway: DRIP MUST enable Broadcast RID to Network RID GEN-5 Gateway: DRIP MUST enable application-layer gateways from
application layer gateways to stamp messages with precise Broadcast RID to Network RID to stamp messages with precise
date/time received and receiver location, then relay them to date/time received and receiver location, then relay them to
a network service (e.g., SDSP or distributed ledger) whenever a network service (e.g., SDSP or distributed ledger)
the gateway has Internet connectivity. whenever the gateway has Internet connectivity.
GEN-6 Contact: DRIP MUST enable dynamically establishing, with AAA, GEN-6 Contact: DRIP MUST enable dynamically establishing, with
per policy, strongly mutually authenticated, end-to-end AAA, per policy, strongly mutually authenticated, end-to-end
strongly encrypted communications with the UAS RID sender and strongly encrypted communications with the UAS RID sender
entities looked up from the UAS ID, including at least the and entities looked up from the UAS ID, including at least
pilot (remote pilot or Pilot In Command), the USS (if any) the (1) pilot (Remote Pilot or Pilot In Command), (2) the
under which the operation is being conducted, and registries USS (if any) under which the operation is being conducted,
in which data on the UA and pilot are held, whenever each and (3) registries in which data on the UA and pilot are
party to such desired communications has a currently usable held. This requirement applies whenever each party to such
means of resolving the other party's DRIP entity identifier desired communications has a currently usable means of
to a locator (IP address) and currently usable bidirectional resolving the other party's DRIP Entity Identifier to a
IP (not necessarily Internet) connectivity with the other locator (IP address) and currently usable bidirectional IP
party. (not necessarily Internet) connectivity with the other
party.
GEN-7 QoS: DRIP MUST enable policy based specification of GEN-7 QoS: DRIP MUST enable policy-based specification of
performance and reliability parameters. performance and reliability parameters.
GEN-8 Mobility: DRIP MUST support physical and logical mobility of GEN-8 Mobility: DRIP MUST support physical and logical mobility of
UA, GCS and Observers. DRIP SHOULD support mobility of UA, GCS, and Observers. DRIP SHOULD support mobility of
essentially all participating nodes (UA, GCS, Observers, Net- essentially all participating nodes (UA, GCS, Observers,
RID SP, Net-RID DP, Private Registry, SDSP, and potentially Net-RID SP, Net-RID DP, Private Registries, SDSP, and
others as RID and UTM evolve). potentially others as RID and UTM evolve).
GEN-9 Multihoming: DRIP MUST support multihoming of UA and GCS, for GEN-9 Multihoming: DRIP MUST support multihoming of UA and GCS,
make-before-break smooth handoff and resiliency against path/ for make-before-break smooth handoff and resiliency against
link failure. DRIP SHOULD support multihoming of essentially path or link failure. DRIP SHOULD support multihoming of
all participating nodes. essentially all participating nodes.
GEN-10 Multicast: DRIP SHOULD support multicast for efficient and GEN-10 Multicast: DRIP SHOULD support multicast for efficient and
flexible publish-subscribe notifications, e.g., of UAS flexible publish-subscribe notifications, e.g., of UAS
reporting positions in designated airspace volumes. reporting positions in designated airspace volumes.
GEN-11 Management: DRIP SHOULD support monitoring of the health and GEN-11 Management: DRIP SHOULD support monitoring of the health and
coverage of Broadcast and Network RID services. coverage of Broadcast and Network RID services.
4.1.2. Rationale 4.1.2. Rationale
Requirements imposed either by regulation or [F3411-19] are not Requirements imposed either by regulation or by [F3411-19] are not
reiterated here, but drive many of the numbered requirements listed reiterated in this document, but they drive many of the numbered
here. The [FRUR] regulatory QoS requirement currently would be requirements listed here. The regulatory performance requirement in
satisfied by ensuring information refresh rates of at least 1 Hertz, [FRUR] currently would be satisfied by ensuring information refresh
with latencies no greater than 1 second, at least 80% of the time, rates of at least 1 Hertz, with latencies no greater than 1 second,
but these numbers may vary between jurisdictions and over time. So at least 80% of the time, but these numbers may vary between
instead the DRIP QoS requirement is that performance, reliability, jurisdictions and over time. Instead, the DRIP QoS requirement is
etc. parameters be user policy specifiable, which does not imply that parameters such as performance and reliability be specifiable by
satisfiable in all cases, but (especially together with the user policy, which does not imply satisfiable in all cases but does
management requirement) implies that when specifications are not met, imply (especially together with the Management requirement) that when
appropriate parties are notified. specifications are not met, appropriate parties are notified.
The "provable ownership" requirement addresses the possibility that The Provable Ownership requirement addresses the possibility that the
the actual sender is not the claimed sender (i.e., is a spoofer). actual sender is not the claimed sender (i.e., is a spoofer). DRIP
The "provable binding" requirement addresses the MAC address could meet this requirement by, for example, verifying an asymmetric
correlation problem of [F3411-19] noted above. The "provable cryptographic signature using a sender-provided public key from which
registration" requirement may impose burdens not only on the UAS the asserted UAS ID can be at least partially derived. The Provable
sender and the Observer's receiver, but also on the registry; yet it Binding requirement addresses the problem with MAC address
correlation [F3411-19] noted in Section 3.2. The Provable
Registration requirement may impose burdens not only on the UAS
sender and the Observer's receiver, but also on the registry; yet, it
cannot depend upon the Observer being able to contact the registry at cannot depend upon the Observer being able to contact the registry at
the time of observing the UA. The "readability" requirement pertains the time of observing the UA. The Readability requirement pertains
to the structure and format of information at endpoints rather than to the structure and format of information at endpoints rather than
its encoding in transit, so may involve machine assisted format its encoding in transit, so it may involve machine-assisted format
conversions, e.g., from binary encodings, and/or decryption (see conversions (e.g., from binary encodings) and/or decryption (see
Section 4.3). Section 4.3).
The "gateway" requirement is in pursuit of three objectives: (1) mark The Gateway requirement is in pursuit of three objectives: (1) mark
up a RID message with where and when it was actually received, which up a RID message with where and when it was actually received, which
may agree or disagree with the self-report in the set of messages; may agree or disagree with the self-report in the set of messages;
(2) defend against replay attacks; and (3) support optional SDSP (2) defend against replay attacks; and (3) support optional SDSP
services such as multilateration, to complement UAS position self- services such as multilateration, to complement UAS position self-
reports with independent measurements. This is the only instance in reports with independent measurements. This is the only instance in
which DRIP transports [F3411-19] messages; most of DRIP pertains to which DRIP transports [F3411-19] messages; most of DRIP pertains to
the authentication of such messages and identifiers carried in them. the authentication of such messages and identifiers carried in them.
The "contact" requirement allows any party that learns a UAS ID (that The Contact requirement allows any party that learns a UAS ID (that
is a DRIP entity identifier rather than another UAS ID Type) to is a DRIP Entity Identifier rather than another ID Type) to request
request establishment of a communications session with the establishment of a communications session with the corresponding UAS
corresponding UAS RID sender and certain entities associated with RID sender and certain entities associated with that UAS, but AAA and
that UAS, but AAA and policy restrictions, _inter alia_ on resolving policy restrictions, inter alia on resolving the identifier to any
the identifier to any locators (typically IP addresses), should locators (typically IP addresses), should prevent unauthorized
prevent unauthorized parties from distracting or harassing pilots. parties from distracting or harassing pilots. Thus, some but not all
Thus some but not all Observers of UA, receivers of Broadcast RID, Observers of UA, receivers of Broadcast RID, clients of Network RID,
clients of Network RID, and other parties can become successfully and other parties can become successfully initiating endpoints for
initiating endpoints for these sessions. these sessions.
The "QoS" requirement is only that performance and reliability The QoS requirement is only that performance and reliability
parameters can be _specified_ by policy, not that any such parameters can be _specified_ by policy, not that any such
specifications must be guaranteed to be met; any failure to meet such specifications must be guaranteed to be met; any failure to meet such
would be reported under the "management" requirement. Examples of would be reported under the Management requirement. Examples of such
such parameters are the maximum time interval at which messages parameters are the maximum time interval at which messages carrying
carrying required data elements may be transmitted, the maximum required data elements may be transmitted, the maximum tolerable rate
tolerable rate of loss of such messages, and the maximum tolerable of loss of such messages, and the maximum tolerable latency between a
latency between a dynamic data element (e.g., GNSS position of UA) dynamic data element (e.g., GNSS position of UA) being provided to
being provided to the DRIP sender and that element being delivered by the DRIP sender and that element being delivered by the DRIP receiver
the DRIP receiver to an application. to an application.
The "mobility" requirement refers to rapid geographic mobility of The Mobility requirement refers to rapid geographic mobility of
nodes, changes of their points of attachment to networks, and changes nodes, changes of their points of attachment to networks, and changes
to their IP addresses; it is not limited to micro-mobility within a to their IP addresses; it is not limited to micro-mobility within a
small geographic area or single Internet access provider. small geographic area or single Internet access provider.
4.2. Identifier 4.2. Identifier
4.2.1. Normative Requirements 4.2.1. Normative Requirements
ID-1 Length: The DRIP entity identifier MUST NOT be longer than 19 ID-1 Length: The DRIP Entity Identifier MUST NOT be longer than
bytes, to fit in the Specific Session ID subfield of the UAS ID 19 bytes, to fit in the Specific Session ID subfield of the
field of the Basic ID message of the currently (August 2021) UAS ID field of the Basic ID Message of the proposed
proposed revision of [F3411-19]. revision of [F3411-19] (at the time of writing).
ID-2 Registry ID: The DRIP identifier MUST be sufficient to identify ID-2 Registry ID: The DRIP identifier MUST be sufficient to
a registry in which the entity identified therewith is listed. identify a registry in which the entity identified therewith
is listed.
ID-3 Entity ID: The DRIP identifier MUST be sufficient to enable ID-3 Entity ID: The DRIP identifier MUST be sufficient to enable
lookups of other data associated with the entity identified lookups of other data associated with the entity identified
therewith in that registry. therewith in that registry.
ID-4 Uniqueness: The DRIP identifier MUST be unique within the ID-4 Uniqueness: The DRIP identifier MUST be unique within the
applicable global identifier space from when it is first applicable global identifier space from when it is first
registered therein until it is explicitly de-registered registered therein until it is explicitly deregistered
therefrom (due to, e.g., expiration after a specified lifetime, therefrom (due to, e.g., expiration after a specified
revocation by the registry, or surrender by the operator). lifetime, revocation by the registry, or surrender by the
operator).
ID-5 Non-spoofability: The DRIP identifier MUST NOT be spoofable ID-5 Non-spoofability: The DRIP identifier MUST NOT be spoofable
within the context of a minimal Remote ID broadcast message set within the context of a minimal Remote ID broadcast message
(to be specified within DRIP to be sufficient collectively to set (to be specified within DRIP to be sufficient
prove sender ownership of the claimed identifier). collectively to prove sender ownership of the claimed
identifier).
ID-6 Unlinkability: The DRIP identifier MUST NOT facilitate ID-6 Unlinkability: The DRIP identifier MUST NOT facilitate
adversarial correlation over multiple operations. If this is adversarial correlation over multiple operations. If this
accomplished by limiting each identifier to a single use or is accomplished by limiting each identifier to a single use
brief period of usage, the DRIP identifier MUST support well- or brief period of usage, the DRIP identifier MUST support
defined, scalable, timely registration methods. well-defined, scalable, timely registration methods.
4.2.2. Rationale 4.2.2. Rationale
The DRIP identifier can refer to various entities. In the primary The DRIP identifier can refer to various entities. In the primary
initial use case, the entity to be identified is the UA. Entities to initial use case, the entity to be identified is the UA. Entities to
be identified in other likely use cases include but are not limited be identified in other likely use cases include, but are not limited
to the operator, USS, and Observer. In all cases, the entity to, the operator, USS, and Observer. In all cases, the entity
identified must own (have the exclusive capability to use, such that identified must own the identifier (i.e., have the exclusive
receivers can verify its ownership of) the identifier. capability to use the identifier, such that receivers can verify the
entity's ownership of it).
The DRIP identifier can be used at various layers. In Broadcast RID, The DRIP identifier can be used at various layers. In Broadcast RID,
it would be used by the application running directly over the data it would be used by the application running directly over the data
link. In Network RID, it would be used by the application running link. In Network RID, it would be used by the application running
over HTTPS (not required by DRIP but generally used by Network RID over HTTPS (not required by DRIP but generally used by Network RID
implementations) and possibly other protocols. In RID initiated V2X implementations) and possibly other protocols. In RID-initiated V2X
applications such as DAA and C2, it could be used between the network applications such as DAA and C2, it could be used between the network
and transport layers, e.g., with the Host Identity Protocol (HIP, and transport layers (e.g., with the Host Identity Protocol (HIP)
[RFC9063], [RFC7401], etc.), or between the transport and application [RFC9063] [RFC7401]) or between the transport and application layers
layers, e.g., with Datagram Transport Layer Security (DTLS, (e.g., with DTLS [RFC6347]).
[RFC6347]).
Registry ID (which registry the entity is in) and Entity ID (which Registry ID (which registry the entity is in) and Entity ID (which
entity it is, within that registry) are requirements on a single DRIP entity it is, within that registry) are requirements on a single DRIP
entity identifier, not separate (types of) ID. In the most common Entity Identifier, not separate (types of) ID. In the most common
use case, the entity will be the UA, and the DRIP identifier will be use case, the entity will be the UA, and the DRIP identifier will be
the UAS ID; however, other entities may also benefit from having DRIP the UAS ID; however, other entities may also benefit from having DRIP
identifiers, so the entity type is not prescribed here. identifiers, so the entity type is not prescribed here.
Whether a UAS ID is generated by the operator, GCS, UA, USS, Whether a UAS ID is generated by the operator, GCS, UA, USS,
registry, or some collaboration thereamong, is unspecified; however, registry, or some collaboration among them is unspecified; however,
there must be agreement on the UAS ID among these entities. there must be agreement on the UAS ID among these entities.
Management of DRIP identifiers is the primary function of their Management of DRIP identifiers is the primary function of their
registration hierarchies, from the root (presumably IANA), through registration hierarchies, from the root (presumably IANA), through
sector-specific and regional authorities (presumably ICAO and CAAs), sector-specific and regional authorities (presumably ICAO and CAAs),
to the identified entities themselves. to the identified entities themselves.
While "uniqueness" might be considered an implicit requirement for While Uniqueness might be considered an implicit requirement for any
any identifier, here the point of the explicit requirement is not identifier, here the point of the explicit requirement is not just
just that it should be unique, but also where and when it should be that it should be unique, but also where and when it should be
unique: global scope within a specified space, from registration to unique: global scope within a specified space, from registration to
deregistration. deregistration.
While "non-spoofability" imposes requirements for and on a DRIP While Non-spoofability imposes requirements for and on a DRIP
authentication protocol, it also imposes requirements on the authentication protocol, it also imposes requirements on the
properties of the identifier itself. An example of how the nature of properties of the identifier itself. An example of how the nature of
the identifier can support non-spoofability is embedding a hash of the identifier can support non-spoofability is embedding a hash of
both the registry ID and a public key of the entity in the entity both the Registry ID and a public key of the entity in the entity
identifier, thus making it self-authenticating any time the entity's identifier, thus making it self-authenticating any time the entity's
corresponding private key is used to sign a message. corresponding private key is used to sign a message.
While "unlinkability" is a privacy desideratum (see next section), it While Unlinkability is a privacy desideratum (see Section 4.3), it
imposes requirements on the DRIP identifier itself, as distinct from imposes requirements on the DRIP identifier itself, as distinct from
other currently permitted choices for the UAS ID (including primarily other currently permitted choices for the UAS ID (including primarily
the static serial number of the UA or RID module). the static serial number of the UA or RID module).
4.3. Privacy 4.3. Privacy
4.3.1. Normative Requirements 4.3.1. Normative Requirements
PRIV-1 Confidential Handling: DRIP MUST enable confidential handling PRIV-1 Confidential Handling: DRIP MUST enable confidential
of private information (i.e., any and all information handling of private information (i.e., any and all
designated by neither cognizant authority nor the information information that neither the cognizant authority nor the
owner as public, e.g., personal data). information owner has designated as public, e.g., personal
data).
PRIV-2 Encrypted Transport: DRIP MUST enable selective strong PRIV-2 Encrypted Transport: DRIP MUST enable selective strong
encryption of private data in motion in such a manner that encryption of private data in motion in such a manner that
only authorized actors can recover it. If transport is via only authorized actors can recover it. If transport is via
IP, then encryption MUST be end-to-end, at or above the IP IP, then encryption MUST be end-to-end, at or above the IP
layer. DRIP MUST NOT encrypt safety critical data to be layer. DRIP MUST NOT encrypt safety critical data to be
transmitted over Broadcast RID in any situation where it is transmitted over Broadcast RID in any situation where it is
unlikely that local Observers authorized to access the unlikely that local Observers authorized to access the
plaintext will be able to decrypt it or obtain it from a plaintext will be able to decrypt it or obtain it from a
service able to decrypt it. DRIP MUST NOT encrypt data when/ service able to decrypt it. DRIP MUST NOT encrypt data
where doing so would conflict with applicable regulations or when/where doing so would conflict with applicable
CAA policies/procedures, i.e., DRIP MUST support configurable regulations or CAA policies/procedures, i.e., DRIP MUST
disabling of encryption. support configurable disabling of encryption.
PRIV-3 Encrypted Storage: DRIP SHOULD facilitate selective strong PRIV-3 Encrypted Storage: DRIP SHOULD facilitate selective strong
encryption of private data at rest in such a manner that only encryption of private data at rest in such a manner that
authorized actors can recover it. only authorized actors can recover it.
PRIV-4 Public/Private Designation: DRIP SHOULD facilitate PRIV-4 Public/Private Designation: DRIP SHOULD facilitate
designation, by cognizant authorities and information owners, designation, by cognizant authorities and information
of which information is public and which is private. By owners, of which information is public and which is private.
default, all information required to be transmitted via By default, all information required to be transmitted via
Broadcast RID, even when actually sent via Network RID or Broadcast RID, even when actually sent via Network RID or
stored in registries, is assumed to be public; all other stored in registries, is assumed to be public; all other
information held in registries for lookup using the UAS ID is information held in registries for lookup using the UAS ID
assumed to be private. is assumed to be private.
PRIV-5 Pseudonymous Rendezvous: DRIP MAY enable mutual discovery of PRIV-5 Pseudonymous Rendezvous: DRIP MAY enable mutual discovery of
and communications among participating UAS operators whose UA and communications among participating UAS operators whose
are in 4-D proximity, using the UAS ID without revealing UA are in 4-D proximity, using the UAS ID without revealing
pilot/operator identity or physical location. pilot/operator identity or physical location.
4.3.2. Rationale 4.3.2. Rationale
Most data to be sent via Broadcast RID or Network RID is public, thus Most data to be sent via Broadcast RID or Network RID is public;
the "encrypted transport" requirement for private data is selective, thus, the Encrypted Transport requirement for private data is
e.g., for the entire payload of the Operator ID Message, but only the selective, e.g., for the entire payload of the Operator ID Message,
pilot/GCS location fields of the System Message. Safety critical but only the pilot/GCS location fields of the System Message. Safety
data includes at least the UA location. Other data also may be critical data includes at least the UA location. Other data also may
deemed safety critical, e.g., in some jurisdictions the pilot/GCS be deemed safety critical, e.g., in some jurisdictions the pilot/GCS
location is implied to be safety critical. location is implied to be safety critical.
UAS have several potential means of assessing the likelihood that UAS have several potential means of assessing the likelihood that
local Observers authorized to access the plaintext will be able to local Observers authorized to access the plaintext will be able to
decrypt it or obtain it from a service able to decrypt it. If the decrypt it or obtain it from a service able to decrypt it. If the
UAS is not participating in UTM, an Observer would have no means of UAS is not participating in UTM, an Observer would have no means of
obtaining a decryption key or decryption services from a cognizant obtaining a decryption key or decryption services from a cognizant
USS. If the UAS is participating in UTM, but has lost connectivity USS. If the UAS is participating in UTM but has lost connectivity
with its USS, then an Observer within visual LOS of the UA is also with its USS, then an Observer within visual LOS of the UA is also
unlikely to be able to communicate with that USS (whether due to the unlikely to be able to communicate with that USS (whether due to the
USS being offline or the UAS and Observer being in an area with poor USS being offline or the UAS and Observer being in an area with poor
Internet connectivity). Either of these conditions (UTM non- Internet connectivity). Either of these conditions (UTM non-
participation or USS unreachability) would be known to the UAS. participation or USS unreachability) would be known to the UAS.
In some jurisdictions, the configurable enabling and disabling of In some jurisdictions, the configurable enabling and disabling of
encryption may need to be outside the control of the operator. encryption may need to be outside the control of the operator.
[FRUR] mandates manufacturers design RID equipment with some degree [FRUR] mandates that manufacturers design RID equipment with some
of tamper resistance; the preamble and other FAA commentary suggest degree of tamper resistance; the preamble of [FRUR] and other FAA
this is to reduce the likelihood that an operator, intentionally or commentary suggest this is to reduce the likelihood that an operator,
unintentionally, might alter the values of the required data elements intentionally or unintentionally, might alter the values of the
or disable their transmission in the required manner (e.g., as required data elements or disable their transmission in the required
cleartext). manner (e.g., as cleartext).
How information is stored on end systems is out of scope for DRIP. How information is stored on end systems is out of scope for DRIP.
Encouraging privacy best practices, including end system storage Encouraging privacy best practices, including end system storage
encryption, by facilitating it with protocol design reflecting such encryption, by facilitating it with protocol design reflecting such
considerations, is in scope. Similar logic applies to methods for considerations is in scope. Similar logic applies to methods for
designating information as public or private. designating information as public or private.
The privacy requirements above are for DRIP, neither for [F3411-19] The Privacy requirements above are for DRIP, neither for [F3411-19]
(which requires obfuscation of location to any Network RID subscriber (which, in the interest of privacy, requires obfuscation of location
engaging in wide area surveillance, limits data retention periods, to any Network RID subscriber engaging in wide area surveillance,
etc., in the interests of privacy), nor for UAS RID in any specific limits data retention periods, etc.), nor for UAS RID in any specific
jurisdiction (which may have its own regulatory requirements). The jurisdiction (which may have its own regulatory requirements). The
requirements above are also in a sense parameterized: who are the requirements above are also in a sense parameterized: who are the
"authorized actors", how are they designated, how are they "authorized actors", how are they designated, how are they
authenticated, etc.? authenticated, etc.?
4.4. Registries 4.4. Registries
4.4.1. Normative Requirements 4.4.1. Normative Requirements
REG-1 Public Lookup: DRIP MUST enable lookup, from the UAS ID, of REG-1 Public Lookup: DRIP MUST enable lookup, from the UAS ID, of
information designated by cognizant authority as public, and information designated by cognizant authority as public and
MUST NOT restrict access to this information based on identity MUST NOT restrict access to this information based on
or role of the party submitting the query. identity or role of the party submitting the query.
REG-2 Private Lookup: DRIP MUST enable lookup of private information REG-2 Private Lookup: DRIP MUST enable lookup of private
(i.e., any and all information in a registry, associated with information (i.e., any and all information in a registry,
the UAS ID, that is designated by neither cognizant authority associated with the UAS ID, that is designated by neither
nor the information owner as public), and MUST, according to cognizant authority nor the information owner as public),
applicable policy, enforce AAA, including restriction of and MUST, according to applicable policy, enforce AAA,
access to this information based on identity or role of the including restriction of access to this information based on
party submitting the query. identity or role of the party submitting the query.
REG-3 Provisioning: DRIP MUST enable provisioning registries with REG-3 Provisioning: DRIP MUST enable provisioning registries with
static information on the UAS and its operator, dynamic static information on the UAS and its operator, dynamic
information on its current operation within the U-space/UTM information on its current operation within the U-space/UTM
(including means by which the USS under which the UAS is (including means by which the USS under which the UAS is
operating may be contacted for further, typically even more operating may be contacted for further, typically even more
dynamic, information), and Internet direct contact information dynamic, information), and Internet direct contact
for services related to the foregoing. information for services related to the foregoing.
REG-4 AAA Policy: DRIP AAA MUST be specifiable by policies; the REG-4 AAA Policy: DRIP AAA MUST be specifiable by policies; the
definitive copies of those policies must be accessible in definitive copies of those policies must be accessible in
registries; administration of those policies and all DRIP registries; administration of those policies and all DRIP
registries must be protected by AAA. registries must be protected by AAA.
4.4.2. Rationale 4.4.2. Rationale
Registries are fundamental to RID. Only very limited information can Registries are fundamental to RID. Only very limited information can
be Broadcast, but extended information is sometimes needed. The most be transmitted via Broadcast RID, but extended information is
essential element of information sent is the UAS ID itself, the sometimes needed. The most essential element of information sent is
unique key for lookup of extended information in registries. Beyond the UAS ID itself, the unique key for lookup of extended information
designating the UAS ID as that unique key, the registry information in registries. The regulatory requirements for the registry
model is not specified herein, in part because regulatory information models for UAS and their operators for RID and, more
requirements for different registries (UAS operators and their UA, broadly, for U-space/UTM needs are in flux. Thus, beyond designating
each narrowly for UAS RID and broadly for U-space/UTM) and business the UAS ID as that unique key, the registry information model is not
models for meeting those requirements are in flux. While it is specified in this document. While it is expected that registry
expected that registry functions will be integrated with USS, who functions will be integrated with USS, who will provide them is
will provide them is not yet determined in most, and is expected to expected to vary between jurisdictions and has not yet been
vary between, jurisdictions. However this evolves, the essential determined in most jurisdictions. However this evolves, the
registry functions, starting with management of identifiers, are essential registry functions, starting with management of
expected to remain the same, so are specified herein. identifiers, are expected to remain the same, so those are specified
herein.
While most data to be sent via Broadcast or Network RID is public, While most data to be sent via Broadcast or Network RID is public,
much of the extended information in registries will be private. Thus much of the extended information in registries will be private.
AAA for registries is essential, not just to ensure that access is Thus, AAA for registries is essential, not just to ensure that access
granted only to strongly authenticated, duly authorized parties, but is granted only to strongly authenticated, duly authorized parties,
also to support subsequent attribution of any leaks, audit of who but also to support subsequent attribution of any leaks, audit of who
accessed information when and for what purpose, etc. As specific AAA accessed information when and for what purpose, etc. Specific AAA
requirements will vary by jurisdictional regulation, provider requirements will vary by jurisdictional regulation, provider
philosophy, customer demand, etc., they are left to specification in philosophy, customer demand, etc., so they are left to specification
policies, which should be human readable to facilitate analysis and in policies. Such policies should be human readable to facilitate
discussion, and machine readable to enable automated enforcement, analysis and discussion, be machine readable to enable automated
using a language amenable to both, e.g., XACML. enforcement, and use a language amenable to both, e.g., eXtensible
Access Control Markup Language (XACML).
The intent of the negative and positive access control requirements The intent of the negative and positive access control requirements
on registries is to ensure that no member of the public would be on registries is to ensure that no member of the public would be
hindered from accessing public information, while only duly hindered from accessing public information, while only duly
authorized parties would be enabled to access private information. authorized parties would be enabled to access private information.
Mitigation of Denial of Service attacks and refusal to allow database Mitigation of denial-of-service attacks and refusal to allow database
mass scraping would be based on those behaviors, not on identity or mass scraping would be based on those behaviors, not on identity or
role of the party submitting the query _per se_, but querant identity role of the party submitting the query per se; however, information
information might be gathered (by security systems protecting DRIP on the identity of the party submitting the query might be gathered
implementations) on such misbehavior. on such misbehavior by security systems protecting DRIP
implementations.
By "Internet direct contact information" is meant a locator (e.g., IP "Internet direct contact information" means a locator (e.g., IP
address), or identifier (e.g., FQDN) that can be resolved to a address), or identifier (e.g., FQDN) that can be resolved to a
locator, which would enable initiation of an end-to-end communication locator, which enables initiation of an end-to-end communication
session using a well known protocol (e.g., SIP). session using a well-known protocol (e.g., SIP).
5. IANA Considerations 5. IANA Considerations
This document does not make any IANA request. This document has no IANA actions.
6. Security Considerations 6. Security Considerations
DRIP is all about safety and security, so content pertaining to such DRIP is all about safety and security, so content pertaining to such
is not limited to this section. This document does not define any is not limited to this section. This document does not define any
protocols, so security considerations of such are speculative. protocols, so security considerations of such are speculative.
Potential vulnerabilities of DRIP solutions to these requirements Potential vulnerabilities of DRIP solutions to these requirements
include but are not limited to: include but are not limited to:
* Sybil attacks * Sybil attacks
* confusion created by many spoofed unsigned messages * confusion created by many spoofed unsigned messages
* processing overload induced by attempting to verify many spoofed * processing overload induced by attempting to verify many spoofed
signed messages (where verification will fail but still consume signed messages (where verification will fail but still consume
cycles) cycles)
* malicious or malfunctioning registries * malicious or malfunctioning registries
* interception by on-path attacker of (i.e., Man In The Middle * interception by on-path attacker of (i.e., man-in-the-middle
attacks on) registration messages attacks on) registration messages
* UA impersonation through private key extraction, improper key * UA impersonation through private key extraction, improper key
sharing, or carriage of a small (presumably harmless) UA, i.e., as sharing, or carriage of a small (presumably harmless) UA, i.e., as
a "false flag", by a larger (malicious) UA a "false flag", by a larger (malicious) UA
It may be inferred from the general requirements (Section 4.1) for It may be inferred from the General requirements (Section 4.1) for
provable ownership, provable binding, and provable registration, Provable Ownership, Provable Binding, and Provable Registration,
together with the identifier requirements (Section 4.2), that DRIP together with the Identifier requirements (Section 4.2), that DRIP
must provide: must provide:
* message integrity * message integrity
* non-repudiation * non-repudiation
* defense against replay attacks * defense against replay attacks
* defense against spoofing * defense against spoofing
skipping to change at page 40, line 34 skipping to change at line 1944
whether via this approach or another, is likely to be especially whether via this approach or another, is likely to be especially
challenging for Observers without Internet connectivity at the time challenging for Observers without Internet connectivity at the time
of observation. For example, checking the signature of a registry on of observation. For example, checking the signature of a registry on
a public key certificate received via Broadcast RID in a remote area a public key certificate received via Broadcast RID in a remote area
presumably would require that the registry's public key had been presumably would require that the registry's public key had been
previously installed on the Observer's device, yet there may be many previously installed on the Observer's device, yet there may be many
registries and the Observer's device may be storage constrained, and registries and the Observer's device may be storage constrained, and
new registries may come on-line subsequent to installation of DRIP new registries may come on-line subsequent to installation of DRIP
software on the Observer's device. See also Figure 1 and the software on the Observer's device. See also Figure 1 and the
associated explanatory text, especially the second paragraph after associated explanatory text, especially the second paragraph after
the figure. Thus there may be caveats on the extent to which the figure. Thus, there may be caveats on the extent to which
requirements can be satisfied in such cases, yet strenuous effort requirements can be satisfied in such cases, yet strenuous effort
should be made to satisfy them, as such cases, e.g., firefighting in should be made to satisfy them, as such cases are important, e.g.,
a national forest, are important. Each numbered requirement _a firefighting in a national forest. Each numbered requirement a
priori_ expected to suffer from such limitations (General priori expected to suffer from such limitations (General requirements
requirements for Gateway and Contact functionality) contains language for Gateway and Contact functionality) contains language stating when
stating when it applies. it applies.
7. Privacy and Transparency Considerations 7. Privacy and Transparency Considerations
Privacy and transparency are important for legal reasons including Privacy and transparency are important for legal reasons including
regulatory consistency. [EU2018] states "harmonised and regulatory consistency. [EU2018] states:
interoperable national registration systems... should comply with the
applicable Union and national law on privacy and processing of | harmonised and interoperable national registration systems ...
personal data, and the information stored in those registration | should comply with the applicable Union and national law on
systems should be easily accessible." | privacy and processing of personal data, and the information
Privacy and transparency (where essential to security or safety) are | stored in those registration systems should be easily accessible.
Transparency (where essential to security or safety) and privacy are
also ethical and moral imperatives. Even in cases where old also ethical and moral imperatives. Even in cases where old
practices (e.g., automobile registration plates) could be imitated, practices (e.g., automobile registration plates) could be imitated,
when new applications involving PII (such as UAS RID) are addressed when new applications involving PII (such as UAS RID) are addressed
and newer technologies could enable improving privacy, such and newer technologies could enable improving privacy, such
opportunities should not be squandered. Thus it is recommended that opportunities should not be squandered. Thus, it is recommended that
all DRIP work give due regard to [RFC6973] and more broadly all DRIP work give due regard to [RFC6973] and, more broadly, to
[RFC8280]. [RFC8280].
However, privacy and transparency are often conflicting goals, However, privacy and transparency are often conflicting goals,
demanding careful attention to their balance. demanding careful attention to their balance.
DRIP information falls into two classes: that which, to achieve the DRIP information falls into two classes:
purpose, must be published openly as cleartext, for the benefit of
any Observer (e.g., the basic UAS ID itself); and that which must be * that which, to achieve the purpose, must be published openly as
protected (e.g., PII of pilots) but made available to properly cleartext, for the benefit of any Observer (e.g., the basic UAS ID
authorized parties (e.g., public safety personnel who urgently need itself); and
to contact pilots in emergencies).
* that which must be protected (e.g., PII of pilots) but made
available to properly authorized parties (e.g., public safety
personnel who urgently need to contact pilots in emergencies).
How properly authorized parties are authorized, authenticated, etc. How properly authorized parties are authorized, authenticated, etc.
are questions that extend beyond the scope of DRIP, but DRIP may be are questions that extend beyond the scope of DRIP, but DRIP may be
able to provide support for such processes. Classification of able to provide support for such processes. Classification of
information as public or private must be made explicit and reflected information as public or private must be made explicit and reflected
with markings, design, etc. Classifying the information will be with markings, design, etc. Classifying the information will be
addressed primarily in external standards; herein it will be regarded addressed primarily in external standards; in this document, it will
as a matter for CAA, registry, and operator policies, for which be regarded as a matter for CAA, registry, and operator policies, for
enforcement mechanisms will be defined within the scope of DRIP WG which enforcement mechanisms will be defined within the scope of the
and offered. Details of the protection mechanisms will be provided DRIP WG and offered. Details of the protection mechanisms will be
in other DRIP documents. Mitigation of adversarial correlation will provided in other DRIP documents. Mitigation of adversarial
also be addressed. correlation will also be addressed.
8. References 8. References
8.1. Normative References 8.1. Normative References
[F3411-19] ASTM International, "Standard Specification for Remote ID [F3411-19] ASTM International, "Standard Specification for Remote ID
and Tracking", February 2020, and Tracking", ASTM F3411-19, DOI 10.1520/F3411-19,
February 2020,
<http://www.astm.org/cgi-bin/resolver.cgi?F3411>. <http://www.astm.org/cgi-bin/resolver.cgi?F3411>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
8.2. Informative References 8.2. Informative References
[Amended] European Union Aviation Safety Agency (EASA), "Commission [Amended] European Parliament and Council, "Commission Delegated
Delegated Regulation (EU) 2020/1058 of 27 April 2020 Regulation (EU) 2020/1058 of 27 April 2020 amending
amending Delegated Regulation (EU) 2019/945", April 2020, Delegated Regulation (EU) 2019/945 as regards the
<https://eur-lex.europa.eu/legal-content/EN/ introduction of two new unmanned aircraft systems
TXT/?uri=CELEX%3A32020R1058>. classes", April 2020,
<https://eur-lex.europa.eu/eli/reg_del/2020/1058/oj>.
[ASDRI] ASD-STAN, "Introduction to the European UAS Digital Remote [ASDRI] ASD-STAN, "Introduction to the European UAS Digital Remote
ID Technical Standard", January 2021, <https://asd- ID Technical Standard", January 2021, <https://asd-
stan.org/wp-content/uploads/ASD-STAN_DRI_Introduction_to_t stan.org/wp-content/uploads/ASD-STAN_DRI_Introduction_to_t
he_European_digital_RID_UAS_Standard.pdf>. he_European_digital_RID_UAS_Standard.pdf>.
[ASDSTAN4709-002]
ASD-STAN, "Aerospace series - Unmanned Aircraft Systems -
Part 002: Direct Remote Identification", ASD-STAN
prEN 4709-002 P1, October 2021, <https://asd-
stan.org/downloads/asd-stan-pren-4709-002-p1/>.
[CPDLC] Gurtov, A., Polishchuk, T., and M. Wernberg, "Controller- [CPDLC] Gurtov, A., Polishchuk, T., and M. Wernberg, "Controller-
Pilot Data Link Communication Security", MDPI Pilot Data Link Communication Security", Sensors 18, no.
Sensors 18(5), 1636, 2018, 5: 1636, DOI 10.3390/s18051636, 2018,
<https://www.mdpi.com/1424-8220/18/5/1636>. <https://www.mdpi.com/1424-8220/18/5/1636>.
[CTA2063A] ANSI, "Small Unmanned Aerial Systems Serial Numbers", [CTA2063A] ANSI, "Small Unmanned Aerial Systems Serial Numbers",
September 2019, <https://shop.cta.tech/products/small- ANSI/CTA 2063-A, September 2019,
unmanned-aerial-systems-serial-numbers>. <https://shop.cta.tech/products/small-unmanned-aerial-
systems-serial-numbers>.
[Delegated] [Delegated]
European Union Aviation Safety Agency (EASA), "Commission European Parliament and Council, "Commission Delegated
Delegated Regulation (EU) 2019/945 of 12 March 2019 on Regulation (EU) 2019/945 of 12 March 2019 on unmanned
unmanned aircraft systems and on third-country operators aircraft systems and on third-country operators of
of unmanned aircraft systems", March 2019, unmanned aircraft systems", March 2019,
<https://eur-lex.europa.eu/eli/reg_del/2019/945/oj>. <https://eur-lex.europa.eu/eli/reg_del/2019/945/oj>.
[drip-architecture] [DRIP-ARCH]
Card, S. W., Wiethuechter, A., Moskowitz, R., Zhao, S., Card, S., Wiethuechter, A., Moskowitz, R., Zhao, S., Ed.,
and A. Gurtov, "Drone Remote Identification Protocol and A. Gurtov, "Drone Remote Identification Protocol
(DRIP) Architecture", Work in Progress, Internet-Draft, (DRIP) Architecture", Work in Progress, Internet-Draft,
draft-ietf-drip-arch-15, 25 July 2021, draft-ietf-drip-arch-20, 28 January 2022,
<https://datatracker.ietf.org/doc/html/draft-ietf-drip- <https://datatracker.ietf.org/doc/html/draft-ietf-drip-
arch-15>. arch-20>.
[ENISACSIRT] [ENISACSIRT]
European Union Agency for Cybersecurity (ENISA), European Union Agency for Cybersecurity (ENISA),
"Actionable information for Security Incident Response", "Actionable information for Security Incident Response",
November 2014, <https://www.enisa.europa.eu/topics/csirt- November 2014, <https://www.enisa.europa.eu/topics/csirt-
cert-services/reactive-services/copy_of_actionable- cert-services/reactive-services/copy_of_actionable-
information>. information/actionable-information>.
[EU2018] European Parliament and Council, "2015/0277 (COD) PE-CONS [EU2018] European Parliament and Council, "2015/0277 (COD) PE-CONS
2/18", February 2018, 2/18", June 2018,
<https://www.consilium.europa.eu/media/35805/easa- <https://www.consilium.europa.eu/media/35805/easa-
regulation-june-2018.pdf>. regulation-june-2018.pdf>.
[FAACONOPS] [FAACONOPS]
FAA Office of NextGen, "UTM Concept of Operations v2.0", FAA Office of NextGen, "UTM Concept of Operations v2.0",
March 2020, <https://www.faa.gov/uas/research_development/ March 2020, <https://www.faa.gov/uas/research_development/
traffic_management/media/UTM_ConOps_v2.pdf>. traffic_management/media/UTM_ConOps_v2.pdf>.
[FR24] Flightradar24 AB, "Flightradar24 Live Air Traffic", May [FR24] Flightradar24, "About Flightradar24",
2021, <https://www.flightradar24.com/about>. <https://www.flightradar24.com/about>.
[FRUR] Federal Aviation Administration, "Remote Identification of [FRUR] Federal Aviation Administration (FAA), "Remote
Unmanned Aircraft", January 2021, Identification of Unmanned Aircraft", January 2021,
<https://www.federalregister.gov/ <https://www.federalregister.gov/
documents/2021/01/15/2020-28948/remote-identification-of- documents/2021/01/15/2020-28948/remote-identification-of-
unmanned-aircraft>. unmanned-aircraft>.
[GDPR] European Parliament and Council, "General Data Protection [GDPR] European Parliament and Council, "Regulation (EU) 2016/679
Regulation", April 2016, of the European Parliament and of the Council of 27 April
2016 on the protection of natural persons with regard to
the processing of personal data and on the free movement
of such data, and repealing Directive 95/46/EC (General
Data Protection Regulation)", April 2016,
<https://eur-lex.europa.eu/eli/reg/2016/679/oj>. <https://eur-lex.europa.eu/eli/reg/2016/679/oj>.
[I-D.ietf-raw-ldacs] [ICAOATM] International Civil Aviation Organization, "Procedures for
Maeurer, N., Graeupl, T., and C. Schmitt, "L-band Digital Air Navigation Services: Air Traffic Management",
Aeronautical Communications System (LDACS)", Work in Doc 4444, November 2016, <https://store.icao.int/en/
Progress, Internet-Draft, draft-ietf-raw-ldacs-08, 10 May
2021, <https://datatracker.ietf.org/doc/html/draft-ietf-
raw-ldacs-08>.
[ICAOATM] International Civil Aviation Organization, "Doc 4444:
Procedures for Air Navigation Services: Air Traffic
Management", November 2016, <https://store.icao.int/en/
procedures-for-air-navigation-services-air-traffic- procedures-for-air-navigation-services-air-traffic-
management-doc-4444>. management-doc-4444>.
[ICAODEFS] International Civil Aviation Organization, "Defined terms [ICAODEFS] International Civil Aviation Organization, "Defined terms
from the Annexes to the Chicago Convention and ICAO from the Annexes to the Chicago Convention and ICAO
guidance material", July 2017, guidance material", July 2017,
<https://www.icao.int/safety/cargosafety/Documents/ <https://www.icao.int/safety/cargosafety/Documents/
Draft%20Glossary%20of%20terms.docx>. Draft%20Glossary%20of%20terms.docx>.
[ICAOUAS] International Civil Aviation Organization, "Circular 328: [ICAOUAS] International Civil Aviation Organization, "Unmanned
Unmanned Aircraft Systems", February 2011, Aircraft Systems", Circular 328, 2011,
<https://www.icao.int/meetings/uas/documents/ <https://www.icao.int/meetings/uas/documents/
circular%20328_en.pdf>. circular%20328_en.pdf>.
[ICAOUTM] International Civil Aviation Organization, "Unmanned [ICAOUTM] International Civil Aviation Organization, "Unmanned
Aircraft Systems Traffic Management (UTM) - A Common Aircraft Systems Traffic Management (UTM) - A Common
Framework with Core Principles for Global Harmonization, Framework with Core Principles for Global Harmonization,
Edition 3", October 2020, Edition 3", October 2020,
<https://www.icao.int/safety/UA/Documents/ <https://www.icao.int/safety/UA/Documents/
UTM%20Framework%20Edition%203.pdf>. UTM%20Framework%20Edition%203.pdf>.
[Implementing] [Implementing]
European Union Aviation Safety Agency (EASA), "Commission European Parliament and Council, "Commission Implementing
Implementing Regulation (EU) 2019/947 of 24 May 2019 on Regulation (EU) 2019/947 of 24 May 2019 on the rules and
the rules and procedures for the operation of unmanned procedures for the operation of unmanned aircraft", May
aircraft", May 2019, 2019,
<https://eur-lex.europa.eu/eli/reg_impl/2019/947/oj>. <https://eur-lex.europa.eu/eli/reg_impl/2019/947/oj>.
[InitialView] [InitialView]
SESAR Joint Undertaking, "Initial view on Principles for SESAR Joint Undertaking, "Initial view on Principles for
the U-space architecture", July 2019, the U-space architecture", July 2019,
<https://www.sesarju.eu/sites/default/files/documents/u- <https://www.sesarju.eu/sites/default/files/documents/u-
space/SESAR%20principles%20for%20U- space/SESAR%20principles%20for%20U-
space%20architecture.pdf>. space%20architecture.pdf>.
[LDACS] Maeurer, N., Ed., Graeupl, T., Ed., and C. Schmitt, Ed.,
"L-band Digital Aeronautical Communications System
(LDACS)", Work in Progress, Internet-Draft, draft-ietf-
raw-ldacs-09, 22 October 2021,
<https://datatracker.ietf.org/doc/html/draft-ietf-raw-
ldacs-09>.
[NPRM] United States Federal Aviation Administration (FAA), [NPRM] United States Federal Aviation Administration (FAA),
"Notice of Proposed Rule Making on Remote Identification "Notice of Proposed Rule Making on Remote Identification
of Unmanned Aircraft Systems", December 2019, of Unmanned Aircraft Systems", December 2019,
<https://www.federalregister.gov/ <https://www.federalregister.gov/
documents/2019/12/31/2019-28100/remote-identification-of- documents/2019/12/31/2019-28100/remote-identification-of-
unmanned-aircraft-systems>. unmanned-aircraft-systems>.
[OpenDroneID] [OpenDroneID]
Intel Corp., "Open Drone ID", March 2019, "The Open Drone ID specification", commit c4c8bb8, March
<https://github.com/opendroneid/specs>. 2020, <https://github.com/opendroneid/specs>.
[OpenSky] OpenSky Network non-profit association, "The OpenSky [OpenSky] OpenSky Network, "About the OpenSky Network",
Network", May 2021,
<https://opensky-network.org/about/about-us>. <https://opensky-network.org/about/about-us>.
[Opinion1] European Union Aviation Safety Agency (EASA), "Opinion No [Opinion1] European Union Aviation Safety Agency (EASA), "High-level
01/2020: High-level regulatory framework for the U-space", regulatory framework for the U-space", Opinion No 01/2020,
March 2020, <https://www.easa.europa.eu/document- March 2020, <https://www.easa.europa.eu/document-
library/opinions/opinion-012020>. library/opinions/opinion-012020>.
[Part107] United States Federal Aviation Administration, "Code of [Part107] Code of Federal Regulations, "Part 107 - SMALL UNMANNED
Federal Regulations Part 107", June 2016, AIRCRAFT SYSTEMS", June 2016,
<https://www.ecfr.gov/cgi-bin/text-idx?node=pt14.2.107>. <https://www.ecfr.gov/cgi-bin/text-idx?node=pt14.2.107>.
[Recommendations] [Recommendations]
FAA UAS Identification and Tracking Aviation Rulemaking FAA UAS Identification and Tracking (UAS ID) Aviation
Committee, "UAS ID and Tracking ARC Recommendations Final Rulemaking Committee (ARC), "UAS Identification and
Report", September 2017, <https://www.faa.gov/regulations_ Tracking (UAS ID) Aviation Rulemaking Committee (ARC): ARC
policies/rulemaking/committees/documents/media/ Recommendations Final Report", September 2017, <https://ww
w.faa.gov/regulations_policies/rulemaking/committees/
documents/media/
UAS%20ID%20ARC%20Final%20Report%20with%20Appendices.pdf>. UAS%20ID%20ARC%20Final%20Report%20with%20Appendices.pdf>.
[RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally [RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally
Unique IDentifier (UUID) URN Namespace", RFC 4122, Unique IDentifier (UUID) URN Namespace", RFC 4122,
DOI 10.17487/RFC4122, July 2005, DOI 10.17487/RFC4122, July 2005,
<https://www.rfc-editor.org/info/rfc4122>. <https://www.rfc-editor.org/info/rfc4122>.
[RFC4949] Shirey, R., "Internet Security Glossary, Version 2", [RFC4949] Shirey, R., "Internet Security Glossary, Version 2",
FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007,
<https://www.rfc-editor.org/info/rfc4949>. <https://www.rfc-editor.org/info/rfc4949>.
skipping to change at page 45, line 37 skipping to change at line 2202
<https://www.rfc-editor.org/info/rfc7401>. <https://www.rfc-editor.org/info/rfc7401>.
[RFC8280] ten Oever, N. and C. Cath, "Research into Human Rights [RFC8280] ten Oever, N. and C. Cath, "Research into Human Rights
Protocol Considerations", RFC 8280, DOI 10.17487/RFC8280, Protocol Considerations", RFC 8280, DOI 10.17487/RFC8280,
October 2017, <https://www.rfc-editor.org/info/rfc8280>. October 2017, <https://www.rfc-editor.org/info/rfc8280>.
[RFC9063] Moskowitz, R., Ed. and M. Komu, "Host Identity Protocol [RFC9063] Moskowitz, R., Ed. and M. Komu, "Host Identity Protocol
Architecture", RFC 9063, DOI 10.17487/RFC9063, July 2021, Architecture", RFC 9063, DOI 10.17487/RFC9063, July 2021,
<https://www.rfc-editor.org/info/rfc9063>. <https://www.rfc-editor.org/info/rfc9063>.
[Roadmap] American National Standards Institute (ANSI) Unmanned [Roadmap] ANSI Unmanned Aircraft Systems Standardization
Aircraft Systems Standardization Collaborative (UASSC), Collaborative (UASSC), "Standardization Roadmap for
"Standardization Roadmap for Unmanned Aircraft Systems Unmanned Aircraft Systems", Working Draft, Version 2.0,
draft v2.0", April 2020, <https://share.ansi.org/Shared April 2020, <https://share.ansi.org/Shared Documents/
Documents/Standards Activities/UASSC/ Standards Activities/UASSC/
UASSC_20-001_WORKING_DRAFT_ANSI_UASSC_Roadmap_v2.pdf>. UASSC_20-001_WORKING_DRAFT_ANSI_UASSC_Roadmap_v2.pdf>.
[Stranger] Heinlein, R.A., "Stranger in a Strange Land", June 1961. [Stranger] Heinlein, R., "Stranger in a Strange Land", June 1961.
[WG105] EUROCAE, "WG-105 draft ED-282 Minimum Operational [WG105] EUROCAE, "Minimum Operational Performance Standards (MOPS)
Performance Standards (MOPS) for Unmanned Aircraft System for Unmanned Aircraft System (UAS) Electronic
(UAS) Electronic Identification", June 2020. Identification", WG-105 SG-32 draft ED-282, June 2020.
[WiFiNAN] Wi-Fi Alliance, "Wi-Fi Aware™ Specification Version 3.2", [WiFiNAN] Wi-Fi Alliance, "Wi-Fi Aware", October 2020,
October 2020, <https://www.wi-fi.org/downloads-registered- <https://www.wi-fi.org/discover-wi-fi/wi-fi-aware>.
guest/Wi-Fi_Aware_Specification_v3.2.pdf/29731>.
Appendix A. Discussion and Limitations Appendix A. Discussion and Limitations
This document is largely based on the process of one SDO, ASTM. This document is largely based on the process of one SDO -- ASTM.
Therefore, it is tailored to specific needs and data formats of this Therefore, it is tailored to specific needs and data formats of
standard. Other organizations, for example in EU, do not necessarily ASTM's "Standard Specification for Remote ID and Tracking"
follow the same architecture. [F3411-19]. Other organizations (for example, in the EU) do not
necessarily follow the same architecture.
The need for drone ID and operator privacy is an open discussion The need for drone ID and operator privacy is an open discussion
topic. For instance, in the ground vehicular domain each car carries topic. For instance, in the ground vehicular domain, each car
a publicly visible plate number. In some countries, for nominal cost carries a publicly visible plate number. In some countries, for
or even for free, anyone can resolve the identity and contact nominal cost or even for free, anyone can resolve the identity and
information of the owner. Civil commercial aviation and maritime contact information of the owner. Civil commercial aviation and
industries also have a tradition of broadcasting plane or ship ID, maritime industries also have a tradition of broadcasting plane or
coordinates, and even flight plans in plain text. Community networks ship ID, coordinates, and even flight plans in plaintext. Community
such as OpenSky [OpenSky] and Flightradar24 [FR24] use this open networks such as OpenSky [OpenSky] and Flightradar24 [FR24] use this
information through ADS-B to deploy public services of flight open information through ADS-B to deploy public services of flight
tracking. Many researchers also use these data to perform tracking. Many researchers also use these data to perform
optimization of routes and airport operations. Such ID information optimization of routes and airport operations. Such ID information
should be integrity protected, but not necessarily confidential. should be integrity protected, but not necessarily confidential.
In civil aviation, aircraft identity is broadcast by a device known In civil aviation, aircraft identity is broadcast by a device known
as transponder. It transmits a four octal digit squawk code, which as transponder. It transmits a four-octal digit squawk code, which
is assigned by a traffic controller to an airplane after approving a is assigned by a traffic controller to an airplane after approving a
flight plan. There are several reserved codes such as 7600 which flight plan. There are several reserved codes, such as 7600, that
indicate radio communication failure. The codes are unique in each indicate radio communication failure. The codes are unique in each
traffic area and can be re-assigned when entering another control traffic area and can be re-assigned when entering another control
area. The code is transmitted in plain text by the transponder and area. The code is transmitted in plaintext by the transponder and
also used for collision avoidance by a system known as Traffic alert also used for collision avoidance by a system known as Traffic alert
and Collision Avoidance System (TCAS). The system could be used for and Collision Avoidance System (TCAS). The system could be used for
UAS as well initially, but the code space is quite limited and likely UAS as well initially, but the code space is quite limited and likely
to be exhausted soon. The number of UAS far exceeds the number of to be exhausted soon. The number of UAS far exceeds the number of
civil airplanes in operation. civil airplanes in operation.
The ADS-B system is utilized in civil aviation for each "ADS-B Out" The ADS-B system is utilized in civil aviation for each "ADS-B Out"
equipped airplane to broadcast its ID, coordinates, and altitude for equipped airplane to broadcast its ID, coordinates, and altitude for
other airplanes and ground control stations. If this system is other airplanes and ground control stations. If this system is
adopted for drone IDs, it has additional benefit with backward adopted for drone IDs, it has additional benefit with backward
compatibility with civil aviation infrastructure; then, pilots and compatibility with civil aviation infrastructure; then, pilots and
dispatchers will be able to see UA on their control screens and take dispatchers will be able to see UA on their control screens and take
those into account. If not, a gateway translation system between the those into account. If not, a gateway translation system between the
proposed drone ID and civil aviation system should be implemented. proposed drone ID and civil aviation system should be implemented.
Again, system saturation due to large numbers of UAS is a concern. Again, system saturation due to large numbers of UAS is a concern.
The Mode S transponders used in all TCAS and most ADS-B Out The Mode S transponders used in all TCAS and most "ADS-B Out"
installations are assigned an ICAO 24 bit "address" (arguably really installations are assigned an ICAO 24-bit "address" (arguably really
an identifier rather than a locator) that is associated with the an identifier rather than a locator) that is associated with the
aircraft as part of its registration. In the US alone, well over aircraft as part of its registration. In the US alone, well over
2^20 UAS are already flying; thus, a 24 bit space likely would be 2^20 UAS are already flying; thus, a 24-bit space likely would be
rapidly exhausted if used for UAS (other than large UAS flying in rapidly exhausted if used for UAS (other than large UAS flying in
controlled airspace, especially internationally, under rules other controlled airspace, especially internationally, under rules other
than those governing small UAS at low altitudes). than those governing small UAS at low altitudes).
Wi-Fi and Bluetooth are two wireless technologies currently Wi-Fi and Bluetooth are two wireless technologies currently
recommended by ASTM specifications due to their widespread use and recommended by ASTM specifications due to their widespread use and
broadcast nature. However, those have limited range (max 100s of broadcast nature. However, those have limited range (max 100s of
meters) and may not reliably deliver UAS ID at high altitude or meters) and may not reliably deliver UAS ID at high altitude or
distance. Therefore, a study should be made of alternative distance. Therefore, a study should be made of alternative
technologies from the telecom domain (WiMAX / IEEE 802.16, 5G) or technologies from the telecom domain (e.g., WiMAX / IEEE 802.16, 5G)
sensor networks (Sigfox, LoRa). Such transmission technologies can or sensor networks (e.g., Sigfox, LoRa). Such transmission
impose additional restrictions on packet sizes and frequency of technologies can impose additional restrictions on packet sizes and
transmissions, but could provide better energy efficiency and range. frequency of transmissions but could provide better energy efficiency
and range.
In civil aviation, Controller-Pilot Data Link Communications (CPDLC) In civil aviation, Controller-Pilot Data Link Communications (CPDLC)
is used to transmit command and control between the pilots and ATC. is used to transmit command and control between the pilots and ATC.
It could be considered for UAS as well due to long range and proven It could be considered for UAS as well due to long-range and proven
use despite its lack of security [CPDLC]. use despite its lack of security [CPDLC].
L-band Digital Aeronautical Communications System (LDACS) is being L-band Digital Aeronautical Communications System (LDACS) is being
standardized by ICAO and IETF for use in future civil aviation standardized by ICAO and IETF for use in future civil aviation
[I-D.ietf-raw-ldacs]. It provides secure communication, positioning, [LDACS]. LDACS provides secure communication, positioning, and
and control for aircraft using a dedicated radio band. It should be control for aircraft using a dedicated radio band. It should be
analyzed as a potential provider for UAS RID as well. This will analyzed as a potential provider for UAS RID as well. This will
bring the benefit of a global integrated system creating a global bring the benefit of a global integrated system creating awareness of
airspace use awareness. global airspace use.
Acknowledgments Acknowledgments
The work of the FAA's UAS Identification and Tracking (UAS ID) The work of the FAA's UAS Identification and Tracking Aviation
Aviation Rulemaking Committee (ARC) is the foundation of later ASTM Rulemaking Committee (ARC) is the foundation of later ASTM [F3411-19]
[F3411-19] and IETF DRIP efforts. The work of Gabriel Cox, Intel and IETF DRIP efforts. The work of Gabriel Cox, Intel Corp., and
Corp., and their Open Drone ID collaborators opened UAS RID to a their Open Drone ID collaborators opened UAS RID to a wider
wider community. The work of ASTM F38.02 in balancing the interests community. The work of ASTM F38.02 in balancing the interests of
of diverse stakeholders is essential to the necessary rapid and diverse stakeholders is essential to the necessary rapid and
widespread deployment of UAS RID. IETF volunteers who have widespread deployment of UAS RID. IETF volunteers who have
extensively reviewed or otherwise contributed to this document extensively reviewed or otherwise contributed to this document
include Amelia Andersdotter, Carsten Bormann, Toerless Eckert, Susan include Amelia Andersdotter, Carsten Bormann, Toerless Eckert, Susan
Hares, Mika Jarvenpaa, Alexandre Petrescu, Saulo Da Silva and Shuai Hares, Mika Jarvenpaa, Alexandre Petrescu, Saulo Da Silva, and Shuai
Zhao. Thanks to Linda Dunbar for the Secdir review, Nagendra Nainar Zhao. Thanks to Linda Dunbar for the SECDIR review, Nagendra Nainar
for the Opsdir review and Suresh Krishnan for the Gen-ART review. for the OPSDIR review, and Suresh Krishnan for the Gen-ART review.
Thanks to IESG members Roman Danyliw, Erik Kline, Murray Kucherawy Thanks to IESG members Roman Danyliw, Erik Kline, Murray Kucherawy,
and Robert Wilton for helpful and positive comments. Thanks to and Robert Wilton for helpful and positive comments. Thanks to
chairs Daniel Migault and Mohamed Boucadair for direction of our team chairs Daniel Migault and Mohamed Boucadair for direction of our team
of authors and editor, some of whom are newcomers to writing IETF of authors and editor, some of whom are newcomers to writing IETF
documents. Thanks especially to Internet Area Director Eric Vyncke documents. Thanks especially to Internet Area Director Éric Vyncke
for guidance and support. for guidance and support.
This work was partly supported by the EU project AiRMOUR (enabling
sustainable air mobility in urban contexts via emergency and medical
services) under grant agreement no. 101006601.
Authors' Addresses Authors' Addresses
Stuart W. Card (editor) Stuart W. Card (editor)
AX Enterprize AX Enterprize
4947 Commercial Drive 4947 Commercial Drive
Yorkville, NY 13495 Yorkville, NY 13495
United States of America United States of America
Email: stu.card@axenterprize.com Email: stu.card@axenterprize.com
 End of changes. 291 change blocks. 
973 lines changed or deleted 1091 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/